Security Headlines: Latest CVEs

Tag: #csrf
CVE-2020-28653: Read me | OpManager Help

Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.

CVE-2020-13569: TALOS-2020-1180 || Cisco Talos Intelligence Group

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-26272: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

CVE-2021-21275: Build software better, together

The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before the fixed version, there was no CSRF protection on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.

CVE-2020-12525: VDE-2020-038 | CERT@VDE

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVE-2021-3133: Changeset 2454670 – WordPress Plugin Repository

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

CVE-2020-35773: wp_create_nonce() | Function | WordPress Developer Resources

The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF.

CVE-2020-13527: TALOS-2020-1135 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2020-35135: Changeset 2434070 – WordPress Plugin Repository

The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.