Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-25240: Bypassing SameSite cookie restrictions | Web Security Academy

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.

CVE
#xss#csrf#vulnerability#web#git#java#oauth#auth#chrome
CVE-2023-25717: Proof of Concept - Ruckus Wireless Admin (=<10.4 - Unauthenticated Remote Code Execution / CSRF / SSRF) - CYBIR - Cyber Security, Incident Response, & Digital Forensics

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

CVE-2022-41134: WordPress Optinly plugin <= 1.0.15 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions.

CVE-2023-23286: Provide server v.14.4

Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.

Red Hat Security Advisory 2023-0560-01

Red Hat Security Advisory 2023-0560-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.

RHSA-2023:0560: Red Hat Security Advisory: OpenShift Container Platform 4.10.51 security update

Red Hat OpenShift Container Platform release 4.10.51 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7692: PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the ...

GHSA-2qxp-xmx6-cq4f: Cross-Site Request Forgery (CSRF) in wallabag/wallabag

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.

CVE-2023-0735: Merge pull request #6289 from wallabag/2.5/fix-csrf-user-deletion · wallabag/wallabag@268372d

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.