Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-49382: cms/CSRF exists at the deletion point of the custom table.md at main · cui2shark/cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.

CVE
#csrf#vulnerability#git
CVE-2023-49383: cms/Added CSRF in Label Management.md at main · cui2shark/cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.

CVE-2023-49396: new_cms/CSRF exists at the newly added section of column management.md at main · nightcloudos/new_cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.

CVE-2023-49397: new_cms/CSRF exists at the change of column management status.md at main · nightcloudos/new_cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.

CVE-2023-49395: new_cms/CSRF exists in the column management modification section.md at main · nightcloudos/new_cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.

CVE-2023-49381: cms/CSRF exists at the modification point of the custom table.md at main · cui2shark/cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.

CVE-2023-49378: cms/CSRF exists at the creation location of the custom table.md at main · cui2shark/cms

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.

CVE-2023-43472: Contrast discovers MLflow framework zero-day that threatens to poison machine language models

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

CVE-2023-5990

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks