Lucene search
K

133 matches found

OSV
OSV
added 2025/08/28 11:15 a.m.3 views

CVE-2025-54541

QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respon...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/25 6:5 a.m.9 views

webkitgtk: A download’s origin may be incorrectly associated

A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...

6.2CVSS6.9AI score0.00886EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/12 5:14 a.m.9 views

CVE-2025-3892

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a maliciou...

6.7CVSS0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.4 views

CVE-2023-23349

Kaspersky has fixed a security issue in Kaspersky Password Manager KPM for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form o...

2.2CVSS6.4AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:18 a.m.8 views

CVE-2019-5236

Huawei smart phones Emily-L29C with versions of 8.1.0.132aC432, 8.1.0.135C782, 8.1.0.154C10, 8.1.0.154C461, 8.1.0.154C635, 8.1.0.156C185, 8.1.0.156C605, 8.1.0.159C636 have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitati...

6.8CVSS6.8AI score0.00585EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/04/06 11:2 a.m.8 views

Basecamp: Two click Account Takeover

A vulnerability was discovered in the HEY Email Android application that allowed for a two-click account takeover. Improper handling of incoming deeplinks led to the application's authorization bearer token being sent to an attacker-controlled server if the user could be tricked into clicking a...

6.8AI score
Exploits0
OSV
OSV
added 2025/03/15 12:15 p.m.5 views

CVE-2025-1530

The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References6
OSV
OSV
added 2024/09/24 2:15 a.m.6 views

CVE-2024-8795

The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the myaccountupdate function. This makes it possible for unauthenticated attackers to update a user's accou...

8.8CVSS5.6AI score0.003EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/08/29 11:15 a.m.21 views

CVE-2024-43700

xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment...

7.8CVSS7.4AI score0.00258EPSS
Exploits0References5
OSV
OSV
added 2024/08/27 4:15 p.m.3 views

CVE-2024-8200

The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'updateapikey'...

4.3CVSS5.7AI score0.00213EPSS
Exploits0References3
NVD
NVD
added 2024/08/22 7:15 a.m.26 views

CVE-2024-42411

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older...

5.3CVSS0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/20 2:3 a.m.27 views

CVE-2024-7850 BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bpsajaxfieldselector, bpsajaxtemplateoptions, and bpsajaxfieldrow functions. This makes it possible for...

6.1CVSS0.00215EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/30 4:31 a.m.33 views

CVE-2024-4218 AffiEasy <= 1.1.6 - Cross-Site Request Forgery to Various Actions

The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was...

6.5CVSS6.5AI score0.0022EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/30 2:38 p.m.15 views

CVE-2024-25938

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS8.9AI score0.15639EPSS
Exploits1References1
OSV
OSV
added 2024/03/21 2:51 a.m.4 views

CVE-2024-1213

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esfinstasaveaccesstoken and efblsavefacebookaccesstoken...

4.3CVSS5.6AI score0.00241EPSS
Exploits0References2
Prion
Prion
added 2024/03/12 10:15 a.m.23 views

Cross site request forgery (csrf)

The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the initendpoint function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request...

4.3CVSS4.3AI score0.00275EPSS
Exploits0References4
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2022-3899

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...

8.1CVSS5.8AI score0.00404EPSS
Exploits2References1
Prion
Prion
added 2024/01/05 2:15 a.m.20 views

Cross site request forgery (csrf)

The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for...

4.3CVSS6.6AI score0.00198EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/12/09 12:0 a.m.7 views

WordPress Plugin Digital Publications by Supsystic Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Digital Publications by...

8.8CVSS8.6AI score0.00272EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/11/27 3:25 p.m.11 views

CVE-2023-35985

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. ...

8.8CVSS7.2AI score0.02673EPSS
Exploits1References1
Rows per page
Query Builder