Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2021-26272: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

CVE
#xss#csrf#vulnerability#web#ios#android#mac#windows#google#microsoft#nodejs#js#git#java
CVE-2021-21275: Build software better, together

The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.

CVE-2020-12525: VDE-2020-038 | CERT@VDE

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVE-2021-3133: Changeset 2454670 – WordPress Plugin Repository

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

CVE-2020-35773: wp_create_nonce() | Function | WordPress Developer Resources

The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF.

CVE-2020-13527: TALOS-2020-1135 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2020-35135: Changeset 2434070 – WordPress Plugin Repository

The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.

CVE-2020-2322: Jenkins Security Advisory 2020-12-03

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.