Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2022-38775: Security issues

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

CVE
#sql#xss#csrf#vulnerability#web#ios#mac#windows#debian#dos#apache#nodejs#js#git#java#kubernetes#rce#perl#ldap#ssrf#pdf#log4j#oauth#auth#ibm#ruby#postgres#jira#chrome#ssl
GHSA-r3c9-9j5q-pwv4: magento-lts Reset Password not protected against well-timed CSRF

### Impact Password reset form is vulnerable to CSRF between time reset password link is clicked and user submits new password. ### Patches Versions 19.4.22 and 20.0.19 contain patches. ### Workarounds None ### References See https://hackerone.com/reports/1086752

GHSA-9c64-x3cx-vgmm: Cross-Site Request Forgery in modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

CVE-2022-4548

The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVE-2022-4017

The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks

CVE-2023-0438

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

GHSA-829q-v5g8-hhxc: CakePHP has incorrect Cross-Site Request Forgery validation

CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data.

CVE-2023-0406: Enforce POST method for account delete view · modoboa/modoboa@7f0573e

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

New Microsoft Azure Vulnerability Uncovered — Experts Warn of RCE Attacks

A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu," Ermetic researcher Liv Matan said in a report shared with The Hacker News. "By