Vulmon
request project request vulnerabilities and exploits
6.8
CVSSv2
CVE-2020-8424
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php.
Cups Easy Project Cups Easy 1.0
1 Github repository
6.8
CVSSv2
CVE-2013-2107
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin prior to 5.2.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mail...
Mail On Update Project Mail On Update
Mail On Update Project Mail On Update 5.0.0
1 EDB exploit
6.8
CVSSv2
CVE-2012-1978
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an admi...
Simple Php Agenda Project Simple Php Agenda
1 EDB exploit
6.8
CVSSv2
CVE-2014-3850
Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a reques...
Member Approval Plugin Project Member Approval 131109
6.8
CVSSv2
CVE-2021-24581
The Blue Admin WordPress plugin up to and including 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its setti...
Blue-admin Project Blue-admin
7.5
CVSSv2
CVE-2020-27197
TAXII libtaxii up to and including 1.1.117, as used in EclecticIQ OpenTAXII up to and including 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out tha...
Libtaxii Project Libtaxii
Eclecticiq Opentaxii
6.8
CVSSv2
CVE-2019-18884
index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users.
Fairsketch Rise - Ultimate Project Manager 2.3
6.8
CVSSv2
CVE-2020-26522
A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote malicious users to hijack the authentication of administrators for requests that create new administrative accounts.
Garfield Petshop Project Garfield Petshop
6.8
CVSSv2
CVE-2014-4163
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to ...
Featured Comments Plugin Project Featured Comments 1.2.1
1 EDB exploit
NA
CVE-2022-45059
An issue exists in Varnish Cache 7.x prior to 7.1.2 and 7.2.x prior to 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the ...
Varnish Cache Project Varnish Cache 7.2.0
Varnish Cache Project Varnish Cache
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
3 Github repositories