CVE-2026-44925

Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

CVE-2026-44925

CVE-2026-44925 describes a Cross-Site Request Forgery (CSRF) in InfoScale v.9.1.3 Operations Manager (VIOM). The vulnerability arises from an ability for an attacker to coerce an active VIOM session user into clicking a crafted HTML link, resulting in unintended modifications within the VIOM web ...

Detecting Embedded Content in OOXML Documents

On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft Office documents—specifically those in the Office Open XML OOXML file format. Additionally, we’re releasing ...

CVE-2020-5641

Cross-site request forgery CSRF vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors...

SetucoCMS vulnerable to cross-site request forgery

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains cross-site request forgery vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...

LocalTapiola: Posting modified information in 'Investment section' will cause unintended information change in verkkopalvelu.tapiola.fi

Hello, Some strange account information modification is ongoing when intercepting and making small modifications to requests in 'investment section'. Login to portal and go to buy shares https://verkkopalvelu.tapiola.fi/jb2/ltvr/purchases or similar and pic 2025 A shares, intercept requests and...