| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0. |
| Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in. |
| The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request. |
| Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8. |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58. |
| A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it. |
| A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
| Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager
allows an authenticated user to gain unauthorized access to private personal information.
Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.
This issue affects the following versions :
* Remote Desktop Manager Windows 2025.1.34.0 and earlier
*
Remote Desktop Manager macOS 2025.1.16.3 and earlier
*
Remote Desktop Manager Android 2025.1.3.3 and earlier
*
Remote Desktop Manager iOS 2025.1.6.0 and earlier |
| Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
|
| vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request. |
| Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. |
| Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz allows Stored XSS. This issue affects OnionBuzz: from n/a through 1.0.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server allows Stored XSS. This issue affects WP Forum Server: from n/a through 1.8.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder allows Cross Site Request Forgery. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.148. |
| Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through 1.6.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic allows Cross Site Request Forgery. This issue affects Writesonic: from n/a through 1.0.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion allows Object Injection. This issue affects IS-theme-companion: from n/a through 1.57. |
| Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce allows Stored XSS. This issue affects Additional Order Filters for WooCommerce: from n/a through 1.22. |
