Quantum-Resilient Privacy Ledger (QRPL): a Sovereign Digital Currency for the Post-Quantum Era
The emergence of quantum computing presents profound challenges to existing cryptographic infrastructures, whilst the development of central bank digital currencies (CBDCs) has raised concerns regarding privacy preservation and excessive centralisation in digital payment systems. This paper propose...
GHSA-3M86-C9X3-VWM9 Graylog vulnerable to privilege escalation through API tokens
Impact: Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests ...
PermRust: a Token-Based Permission System for Rust
Permission systems which restrict access to system resources are a well-established technology in operating systems, especially for smartphones. However, as such systems are implemented in the operating system, they can at most manage access on the process level. Since modern software often reuse...
PT-2025-26334 · Unknown · Oganro Travel Portal Search Widget
Name of the Vulnerable Software and Affected Versions: Oganro Travel Portal Search Widget for HotelBeds APITUDE API versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. Recommendations: For Oganro Travel Portal...
PT-2025-24185 · Unknown · Alessandro Piconi Simple Keyword To Link
Name of the Vulnerable Software and Affected Versions: Alessandro Piconi Simple Keyword to Link versions 1.5 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attac...
Usability of Token-Based and Remote Electronic Signatures: a User Experience Study
As electronic signatures (e-signatures) become increasingly integral to secure digital transactions, understanding their usability and security perception from an end-user perspective has become crucial. This study empirically evaluates and compares two major e-signature systems -- token-based and...
CVE-2023-22814
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202...
CVE-2025-47781 Rallly Insufficient Password Login Token Entropy Leads to Account Takeover
Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application feature token-based authentication. When a user attempts to log in to the application, they enter their email and a 6-digit code is sent to their email address to complete the...
PT-2025-5253 · Anyroad · Anyroad
Name of the Vulnerable Software and Affected Versions: AnyRoad versions 1.3.2 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which affects AnyRoad. This allows for Cross Site Request Forgery. Recommendations: For versions 1.3.2 and earlier, update to a...
PT-2024-27744 · Sunbird Dcim · Dctrack
Name of the Vulnerable Software and Affected Versions: Sunbird DCIM dcTrack version 9.1.2 Description: A Cross-Site Request Forgery (CSRF) issue allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens. This can...
CVE-2024-10285
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token...
PT-2024-32693 · Tinypng · Tinypng
Name of the Vulnerable Software and Affected Versions: TinyPNG versions prior to 3.4.4 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that t...
PT-2024-31869 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: kishan0725's Hospital Management System version 6.3.5 Description: A Cross-Site Request Forgery (CSRF) issue exists, allowing an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an...
Apache StreamPark Security Vulnerability
Apache StreamPark is a streaming application development framework from the Apache Software Foundation (United States). A privilege management error vulnerability exists in Apache StreamPark versions 1.0.0 through 2.1.4 and earlier, which can be exploited by an attacker to manually issue a reques...
PT-2024-4823 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is related to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. This...
PT-2024-24569 · Switchwp · Wp Client Reports
Name of the Vulnerable Software and Affected Versions: WP Client Reports versions 1.0.22 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP Client Reports. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2024-24029 · Creativethemes · Blocksy
Name of the Vulnerable Software and Affected Versions: Blocksy versions 2.0.22 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects Creative Themes HQ Blocksy. This issue allows an attacker to perform unintended actions on a user's account. Recommendations: For versions 2.0.22...
Threat actors misuse OAuth applications to automate financially driven attacks
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for token-based authentication and authorization that enables applications to get access to data and resources based on permissions set by a user. Threat actors compromi...
PT-2023-32540 · Unknown · Finnj Frontier Post
Name of the Vulnerable Software and Affected Versions: finnj Frontier Post versions n/a through 6.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker...
PT-2023-24856 · Wpclever · Wpc Smart Wishlist For Woocommerce
Name of the Vulnerable Software and Affected Versions: WPClever WPC Smart Wishlist for WooCommerce plugin versions = 4.7.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...