385 matches found
CVE-2025-36411 Multiple vulnerabilities found in IBM ApplinX.
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-36411
IBM ApplinX 11.1 is affected by a CSRF vulnerability (CVE-2025-36411) that could allow an attacker to perform malicious actions on behalf of a trusted user. The issue is documented across multiple sources (including Red Hat and IBM bulletin) with the same vulnerability description. The IBM securi...
IBM ApplinX 跨站请求伪造漏洞
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is from a...
CVE-2024-41744
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...
EUVD-2025-203482
FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to versions 16.0.45 and 17.0.24 of the FreePBX framework, an authenticated local privilege escalation exists in the deprecated FreePBX startup script amportal. In the deprecated amportal utility, the...
WordPress Chartify plugin cross-site request forgery vulnerability
The WordPress Chartify plugin is a tool for quickly building charts and graphs in your WordPress site, designed to simplify the process of data visualization. WordPress Chartify plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately...
CVE-2025-62728
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
GHSA-932V-X9X2-VQ29 Hive Metastore Server is vulnerable to SQL Injection
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
Data Amplification
Overview processwire/processwire is a CMS/CMF. Affected versions of this package are vulnerable to Data Amplification via the Language Support admin interface. A user with lang-edit permission can cause resource exhaustion by uploading a malicious ZIP file that is automatically extracted without...
EUVD-2001-1208
Malware in sbrugna...
EUVD-2021-2118
Malware in sbrugna...
EUVD-2015-1157
Malware in sbrugna...
EUVD-2024-3012
Malicious code in bioql PyPI...
EUVD-2025-16746
Malicious code in bioql PyPI...
EUVD-2023-2766
Malicious code in bioql PyPI...
EUVD-2023-1797
Malicious code in bioql PyPI...
EUVD-2024-0283
Malicious code in bioql PyPI...
EUVD-2023-2470
Malicious code in bioql PyPI...
EUVD-2025-27577
Malicious code in bioql PyPI...