PT-2026-22761

Name of the Vulnerable Software and Affected Versions Nokia IMPACT versions through 19.11.2.10-20210118042150283 Description A Cross-Site Request Forgery CSRF issue exists in Nokia IMPACT. This allows a remote attacker to import and overwrite the entire application configuration. The issue is due...

CVE-2025-58430 listmonk Vulnerable to CSRF to XSS Chain That Can Lead to Admin Account Takeover

listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie session there included nonce. The value is not checked and validated by the backend, removing nonce allows the requests to be...

PT-2025-36937

Name of the Vulnerable Software and Affected Versions listmonk versions 1.1.0 and earlier Description listmonk, a standalone newsletter and mailing list manager, is susceptible to a chain of vulnerabilities involving Cross-Site Request Forgery CSRF and Cross-Site Scripting XSS. Specifically, the...

listmonk 跨站请求伪造漏洞

listmonk is a high-performance, self-hosted, newsletter and mailing list manager with a modern dashboard from the individual developer Kailash Nadh. A cross-site request forgery vulnerability exists in listmonk 1.1.0 and prior versions, which stems from an unvalidated nonce value and could lead t...

CVE-2025-1320

The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request...