Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) vulnerabilities trick authenticated users into executing unwanted actions on a web application, potentially leading to unauthorized state changes.

Total CVEs: 23

Typical Severity: MEDIUM

Category: General

Understanding Cross-Site Request Forgery

Detailed information about this vulnerability type.

How to Identify

  • Review security advisories
  • Perform regular security testing

Prevention Best Practices

  • Follow security best practices
  • Keep systems updated

Cross-Site Request Forgery CVEs (23)

Description | Vendor / Product | Exploit Status
CVE-2026-22215 (score 5.3)

This vulnerability allows attackers to send unauthorized requests that can reveal or change user follow relationships on wpDiscuz without proper security checks. To exploit this, the attacker needs to trick a logged-in user into clicking a malicious link while they are on the site.

Vendor / Product: gvectors / wpdiscuz
Exploit Status: Exploit Available
Date: Mar 13, 2026 (25 days ago)

CVE-2026-22202 (score 6.1)

This vulnerability allows attackers to permanently delete all comments linked to a specific email address by tricking users into clicking on a malicious link or image. It requires the attacker to have a valid HMAC key and can be exploited without any confirmation from the user, making it particularly dangerous.

Vendor / Product: gvectors / wpdiscuz
Exploit Status: Theoretical
Date: Mar 13, 2026 (25 days ago)

CVE-2026-28281 (score 7.1)

This vulnerability allows attackers to gain moderator privileges, execute tasks, delete posts, and accept friend requests on behalf of users without their consent. It occurs because the system fails to properly check security tokens, and it affects versions prior to 2.18.1, so upgrading is essential to protect against these risks.

Vendor / Product: instantcms / instantcms
Exploit Status: Exploit Available
Date: Mar 10, 2026 (28 days ago)

CVE-2026-1508 (score 4.3)

This vulnerability allows an attacker to trick a logged-in admin into accidentally deleting events from the Court Reservation WordPress plugin. The attacker can exploit this flaw without needing direct access to the admin account, as long as the admin visits a malicious link.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Date: Mar 10, 2026 (28 days ago)

CVE-2026-29784 (score 8.8)

This vulnerability allows an attacker to potentially take over a Ghost site by exploiting weak protections during the login process, making it easier for them to use stolen session tokens. It primarily affects versions 5.101.6 to 6.19.2, and users should upgrade to version 6.19.3 or later to fix the issue.

Vendor / Product: ghost / ghost
Exploit Status: Exploit Available
Date: Mar 7, 2026 (about 1 month ago)

CVE-2018-25168 (score 5.3)

This vulnerability allows attackers to create new administrative user accounts on the Precurio Intranet Portal without needing to log in or have any special permissions. They can do this by sending specially crafted requests to a specific part of the system, taking advantage of a lack of security checks.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Date: Mar 6, 2026 (about 1 month ago)

CVE-2026-3589 (score 7.5)

This vulnerability allows an attacker to create new admin user accounts on a WooCommerce site without needing to log in, potentially giving them full control over the store. It can be exploited by anyone, as long as they can trick a logged-in admin into executing a malicious request.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Date: Mar 6, 2026 (about 1 month ago)

CVE-2026-30793 (score 9.3)

An attacker can exploit a security flaw in the RustDesk Client to trick users into changing their passwords without their consent, potentially giving the attacker access to the user's account. This vulnerability affects versions up to 1.4.5 on multiple platforms, and it requires the attacker to get the user to click on a malicious link.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Date: Mar 5, 2026 (about 1 month ago)

CVE-2025-64166 (score 5.4)

An attacker can exploit a flaw in Mercurius to perform unauthorized actions on behalf of an authenticated user by tricking their browser into sending a specially crafted request. This vulnerability occurs when the server incorrectly interprets certain types of requests, allowing the attacker to bypass security checks, but it only affects versions before 16.4.0.

Vendor / Product: Unknown
Exploit Status: Theoretical
Date: Mar 5, 2026 (about 1 month ago)

CVE-2021-35486 (score 8.1)

An attacker can exploit this vulnerability to remotely import and overwrite the entire configuration of the Nokia IMPACT application, potentially taking full control of it. This can happen because the application fails to check for a security token that normally helps prevent unauthorized actions, allowing the attacker to execute this without needing to be authenticated.

Vendor / Product: Unknown
Exploit Status: Theoretical
Date: Mar 3, 2026 (about 1 month ago)

CVE-2025-58405 (score 5.3)

An attacker can trick users into interacting with the CGM CLININET application by embedding it in a hidden frame on a malicious website, potentially leading users to perform unintended actions without their knowledge. This vulnerability exists because the application lacks protections against clickjacking, meaning it doesn't have the necessary security measures in place to prevent such attacks.

Vendor / Product: Unknown
Exploit Status: Theoretical
Date: Mar 2, 2026 (about 1 month ago)

CVE-2026-27513 (score 5.1)

An attacker can trick an authenticated administrator of the Tenda F3 router into making unwanted changes to the router's settings through its web interface. This vulnerability occurs because the router has no protections in place against such requests; the attack succeeds only while the administrator is logged in.

Vendor / Product: tenda / f3 firmware
Exploit Status: Theoretical
Date: Feb 23, 2026 (about 1 month ago)

CVE-2024-55271 (score 3.5)

An attacker can trick a logged-in user of the gym management system into unknowingly updating their profile information by sending them a malicious link. This vulnerability requires the user to be logged in and click on the link while visiting the attacker's site, potentially allowing the attacker to change the user's details without their consent.

Vendor / Product: phpgurukul / gym management system
Exploit Status: Exploit Available
Date: Feb 17, 2026 (about 2 months ago)

CVE-2024-37212 (score 8.8)

This vulnerability allows an attacker to trick users into performing actions on the Ali2Woo Lite platform without their consent, potentially leading to unauthorized changes or data exposure. It affects versions up to 3.3.5 and requires the user to be logged in to the site while the attacker sends a malicious request.

Vendor / Product: ali2woo / aliexpress dropshipping with alinext
Exploit Status: Theoretical
Date: Jun 21, 2024 (almost 2 years ago)

CVE-2023-41654 (score 8.8)

This vulnerability allows an attacker to trick a user into performing actions on the authLdap plugin without their consent, potentially compromising user accounts. It requires the user to be logged in and to click on a malicious link or visit a malicious site while using the affected plugin version.

Vendor / Product: heiglandreas / authldap
Exploit Status: Theoretical
Date: Oct 6, 2023 (over 2 years ago)

CVE-2023-32625 (score 4.3)

This vulnerability allows an attacker to take control of a user's account and change their settings by tricking them into visiting a malicious webpage. The attacker does not need to be logged in, but the user must be authenticated and visit the harmful page while logged into the affected application.

Vendor / Product: sakura / ts webfonts for sakura
Exploit Status: Theoretical
Date: Jul 21, 2023 (over 2 years ago)

CVE-2023-36517 (score 8.8)

This vulnerability allows an attacker to trick a user into performing actions on their WordPress site without their consent, potentially leading to unauthorized changes or data exposure. It requires the user to be logged into their account and to click on a malicious link while visiting a compromised website.

Vendor / Product: kevonadonis / wp abstracts
Exploit Status: Exploit Available
Date: Jul 11, 2023 (over 2 years ago)

CVE-2023-2533 (score 8.8)

An attacker can trick an admin user into clicking a malicious link, which could allow them to change security settings or run harmful code on the PaperCut system. This vulnerability only works if the admin is logged in at the time of the attack.

Vendor / Product: papercut / papercut mf
Exploit Status: Exploit Available
Date: Jun 20, 2023 (almost 3 years ago)

CVE-2023-2307 (score 6.5)

This vulnerability allows an attacker to trick a user into performing unwanted actions on a website using the qwik framework, potentially compromising their account or data. It affects versions prior to 0.104.0 and requires the user to be logged in while visiting a malicious site.

Vendor / Product: qwik / qwik
Exploit Status: Exploit Available
Date: Apr 26, 2023 (almost 3 years ago)

CVE-2022-0088 (score 7.4)

This vulnerability allows an attacker to trick a logged-in user of the YOURLS URL shortening service into performing unwanted actions without their consent, potentially leading to unauthorized changes or data exposure. The attacker needs to get the user to click on a malicious link while they are logged into the service.

Vendor / Product: yourls / yourls
Exploit Status: Exploit Available
Date: Apr 3, 2022 (about 4 years ago)
