Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-49396: new_cms/CSRF exists at the newly added section of column management.md at main · nightcloudos/new_cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.

CVE
#csrf#vulnerability#git
CVE-2023-49397: new_cms/CSRF exists at the change of column management status.md at main · nightcloudos/new_cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.

CVE-2023-49395: new_cms/CSRF exists in the column management modification section.md at main · nightcloudos/new_cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.

CVE-2023-49381: cms/CSRF exists at the modification point of the custom table.md at main · cui2shark/cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.

CVE-2023-49378: cms/CSRF exists at the creation location of the custom table.md at main · cui2shark/cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.

CVE-2023-43472: Contrast discovers MLflow framework zero-day that threatens to poison machine language models

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

CVE-2023-5990

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks

CVE-2023-5979

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

CVE-2023-5953

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server