Lucene search
+L

7 matches found

euvd
euvd
added 2026/05/22 4:29 a.m.11 views

EUVD-2026-31411

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/18 12:0 a.m.30 views

PT-2026-41658

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An issue exists where public/private permissions are not properly verified, allowing members who lack...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References11
redhatcve
redhatcve
added 2025/12/10 6:13 p.m.7 views

CVE-2025-34401

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a...

6.1CVSS5.8AI score0.00336EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/09 12:0 a.m.7 views

PT-2025-50146

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description The software contains a reflected cross-site scripting XSS issue in the Added parameter of the ''/Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx'' endpoint. The Added value is not properly...

6.1CVSS5.7AI score0.00418EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/08/28 12:0 a.m.10 views

PT-2025-34984

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS transmits passwords and login credentials via GET requests, potentially allowing a local attacker with access to a victim’s browser history to obtain credentials and log in as the user...

6.9CVSS6.2AI score0.00236EPSS
Exploits0References5
osv
osv
added 2025/01/14 7:20 p.m.5 views

CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

4.3CVSS6.5AI score0.00188EPSS
Exploits0References4
cve
cve
added 2018/08/20 7:0 p.m.43 views

CVE-2018-1000640

OpenCart-Overclocked (

6.1CVSS6AI score0.00864EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder