21 matches found
EUVD-2015-9400
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-25748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions e.g., modifying user passwords on...
VMWare Cloud Foundation Multiple Vulnerabilities (VMSA-2025-0009)
The remote host is running a version of Cloud Foundation version 4.5.x or earlier than 4.5.2.0 with Hotpatch KB398008 or 5.x earlier than 5.2.1.2. It is, therefore, affected by multiple vulnerabilities: - A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit thi...
CVE-2024-39408
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by...
WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged-in admins email pre-order customers, change the release date, or mark all pre-orders of a specific product as complete or cancelled via CSRF attacks. Make a logged-in admin open an HTML page...
CVE-2022-4745 WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example...
WordPress Social Login and Register < 7.6.1 - Unauthenticated Arbitrary Content Deletion
The plugin does not have authorisation in some AJAX actions, allowing unauthenticated users to call them and perform unauthorised actions, such as delete social profile data...
Accommodation System <= 1.0.1 - Subscriber+ Unauthorised Actions
The plugin does not have authorisation in various actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions...
GHSA-825G-F3G2-6VXF QuickApps CMS Cross-site Scripting
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account...
GHSA-CR3Q-658V-QV3X OpenCart-Overclocked Cross-site Scripting Vulnerability
Reflected Cross-Site Scripting XSS may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a us...
MC4WP: Mailchimp for WordPress < 4.8.5 - Unauthorised Actions via CSRF
The plugin did not properly check for CSRF in some of its actions handled by the listen_for_actions method hooked on admin_init, allowing attackers to make logged-in users with the manage_options capability perform unwanted actions such as emptying the logs, dismissing notices and so on. PoC...
CVE-2019-2498
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dashboard). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacke...
CVE-2018-1000640
OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability: user input is entered unsanitised within a JS function in the template, which can result in unauthorised actions and access to data, stealing of session information, and denial of service. This attack appears to be...
CVE-2017-1000495
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account...