133 matches found
CVE-2023-4926
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkdeleteproducts function. This makes it possible for unauthenticated attackers to delete products via a forged request...
CVE-2023-45687 Authentication bypass via session fixation in Titan MFT and Titan SFTP servers
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing...
Code injection
?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...
Nextcloud: DNS pin middleware can be tricked into DNS rebinding allowing SSRF
A vulnerability was disclosed where the DNS pin middleware could be tricked into DNS rebinding, allowing SSRF...
CVE-2022-4023
The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...
CVE-2023-37961
A cross-site request forgery CSRF vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2021-4402 Multiple Roles <= 1.3.1- Cross-Site Request Forgery Bypass
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the muaddrolesinsignupmeta and muaddrolesinsignupmetarecently functions. This makes it possible for unauthenticated...
3DPrint < 3.5.6.9 - CSRF to arbitrary file downlad
Description The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...
CVE-2023-3198 MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordermessage function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site...
CVE-2023-2526
The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forg...
CVE-2021-4349
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into...
CVE-2023-33006
A cross-site request forgery CSRF vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-27911
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution...
Vulnerability fixed in Adobe Digital Editions
Adobe has fixed a vulnerability in Digital Editions. A malicious party can exploit the vulnerability to execute arbitrary code execute arbitrary code. To do this, the malicious party must trick the victim into opening a malicious file to open. Adobe has released updates to fix the vulnerability i...
CVE-2023-1927
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache...
CVE-2023-1923
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcremovecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...
SUSE CVE-2022-24889
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...
CVE-2022-41303
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system...
Double free
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system...
CVE-2022-41303
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system...