lol I'm doing propaganda gang it only sounds scary when I say it like that cuz I said it like that when in reality it's scary for different reasons
October 27, 2025 at 6:39 PM
It's #LastWeekInAppSec time! Access control bypasses in #Python's #Authlib (#OAuth and #OpenID) and Java's #SpringFramework (#CSRF protection failure).
See buff.ly/ZUloV61 for deeper analysis, mitigation steps, etc.
#AppSec #VulnManagement #CyberSecurity #SupplyChainSecurity
Last Week in AppSec for 21. October 2025 - Checkmarx
Access control bypasses in Python's Authlib (OAuth and OpenID) and Java's Spring Framework (CSRF protection failure), last week in AppSec
buff.ly
October 21, 2025 at 9:08 PM
Microsoft fixes 'most serious ever' ASP.NET Core flaw that allows credential theft
#ASPNET #ciberataque #computador #CSRF #cve #grave #http #microsoft #segurança #servidor #vulnerabilidade #vulnerabilidades #web #windows
Microsoft fixes 'most serious ever' ASP.NET Core flaw that allows credential theft
tugatech.com.pt
October 19, 2025 at 12:31 PM
Does widespread browser implementation of the Sec-Fetch-Site HTTP header mean we can protect against CSRF attacks without needing those hidden form tokens? It looks like the answer may be a cautious "yes"! simonwillison.net/2025/Oct/15/...
A modern approach to preventing CSRF in Go
Alex Edwards writes about the new http.CrossOriginProtection middleware that was added to the Go standard library in version 1.25 in August and asks: Have we finally reached the point where …
simonwillison.net
October 15, 2025 at 5:07 AM
Does widespread browser implementation of the Sec-Fetch-Site HTTP header mean we can protect against CSRF attacks without needing those hidden form tokens? It looks like the answer may be a cautious "yes"! https://simonwillison.net/2025/Oct/15/csrf-in-go/
A modern approach to preventing CSRF in Go
Alex Edwards writes about the new http.CrossOriginProtection middleware that was added to the Go standard library in version 1.25 in August and asks: Have we finally reached the point where …
simonwillison.net
October 15, 2025 at 5:08 AM
The smuggled request could cause your application code to
* Login as a different user (EOP)
* Make an internal request (SSRF)
* Bypass CSRF checks
* Perform an injection attack
But we don't know because it's dependent on how you've written your app.
(3/7)
October 14, 2025 at 6:01 PM
🍞 Bun 1.3 has been released! This version has evolved a step beyond a "fast JS runtime" into a full-stack runtime that covers both frontend and backend.
With the built-in dev server you can run React HMR right away, Bun.SQL handles MySQL and SQLite through the same API, and Redis is supported out of the box. Production-oriented features such as a security scanner, Bun.secrets and CSRF utilities have also been added.
This release seems to be about "simplicity" rather than "speed". It feels like the moment has come when Bun is no longer just "worth trying" but "should be used".
Bun 1.3
Bun 1.3 introduces zero-config frontend development, unified SQL API, built-in Redis client, security enhancements, package catalogs, async stack traces, VS Code test integration, and Node.js compatib...
bun.com
October 14, 2025 at 12:17 PM
Quarkus 3.28 is now live!
What’s new:
- Fluent API support for CSRF protection
- OIDC request/response filters specific to flows
- Custom Grafana dashboards
- Multiple-client support in Liquibase MongoDB
- Build performance & memory optimizations
quarkus.io/blog/quarkus-3-28-released/
#Java #quarkus
September 24, 2025 at 6:45 PM
Production-ready features: Complete form support + CSRF/XSS security + action scheduling for 60 FPS smoothness!
and... Windows dev support, compiler reliability improvements. 360+ commits!
Full details: hologram.page/blog/hologra...
Try the Bouncing Ball Demo: hologram.page/demos/bounci...
Hologram v0.6.0 Released!
Hologram v0.6.0 focuses on production readiness through enhanced security, comprehensive form support, and improved reliability. As adoption has ramped up substantially and developers have begun signa...
hologram.page
September 11, 2025 at 11:12 PM
CVE-2025-24001 - PPO Việt Nam PPO Call To Actions CSRF Vulnerability
CVE ID : CVE-2025-24001
Published : Jan. 21, 2025, 2:15 p.m. | 22 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in PPO Việt Nam (ppo.vn) PPO Call To Actions allows Cross Site...
CVE-2025-24001 - PPO Việt Nam PPO Call To Actions CSRF Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PPO Việt Nam (ppo.vn) PPO Call To Actions allows Cross Site Request Forgery. This issue affects PPO Call To Actions: from n/a through 0.1.3.
cvefeed.io
January 21, 2025 at 2:39 PM
ID: CVE-2024-53722
CVSS V3.1: HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon My Blog allows Stored XSS. This issue affects Favicon My Blog: from n/a through 1.0.2.
#security #infosec #cve-alert
nvd.nist.gov
December 2, 2024 at 2:19 PM
ID: CVE-2025-25140
CVSS V3.1: HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9.
#security #infosec #cve-alert
nvd.nist.gov
February 7, 2025 at 10:17 AM
ID: CVE-2025-25135
CVSS V3.1: HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3.
#security #infosec #cve-alert
nvd.nist.gov
February 7, 2025 at 10:17 AM
CVE-2025-26577 - Daxiawp DX-Auto-Publish CSRF Stored XSS Vulnerability
CVE ID : CVE-2025-26577
Published : Feb. 13, 2025, 2:16 p.m. | 2 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish allows Stored XSS. This ...
CVE-2025-26577 - Daxiawp DX-Auto-Publish CSRF Stored XSS Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish allows Stored XSS. This issue affects DX-auto-publish: from n/a through 1.2.
cvefeed.io
February 13, 2025 at 6:34 PM
Seems they lied to us.
Writing a fully blown authentication system from scratch might not be the easiest task.
So many concepts: csrf, totp, recovery codes, emailing, passkey, audit, etc.
November 17, 2024 at 11:52 PM
Beware: flatCore CMS Vulnerability Allows Sneaky PHP File Uploads!
FlatCore Arbitrary PHP upload vulnerability lets you become the uninvited guest at the server party. Just bring your file, and don't forget the CSRF token!
thenimblenerd.com?p=1042268
Beware: flatCore CMS Vulnerability Allows Sneaky PHP File Uploads!
FlatCore CMS is having a wardrobe malfunction with its file upload security, allowing arbitrary .php file uploads. Just sneak past the admin login, throw on a malicious PHP ensemble, and strut down the server runway. But remember, only do this in the name of ethical hacking and responsible disclosure!
thenimblenerd.com
April 10, 2025 at 7:57 AM
CVE-2024-6857 - WordPress WP MultiTasking CSRF Vulnerability
CVE ID : CVE-2024-6857
Published : April 9, 2025, 6:15 a.m. | 1 hour, 9 minutes ago
Description : The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer an...
CVE-2024-6857 - WordPress WP MultiTasking CSRF Vulnerability
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack
cvefeed.io
April 9, 2025 at 7:32 AM
CSRF Vulnerability in EchoStar Company
https://medium.com/@youssefmohamed_84205/csrf-vulnerability-in-echostar-company-ffecbc6edc24?source=rss------bug_bounty-5
April 23, 2025 at 7:06 PM
GestioIP Vulnerability: The CSRF Comedy of Errors in Version 3.5.7
GestioIP 3.5.7 CSRF flaw: Admins beware! Malicious URLs could make attackers admins faster than you can say "cross-site request forgery."
thenimblenerd.com?p=1042650
GestioIP Vulnerability: The CSRF Comedy of Errors in Version 3.5.7
In the exciting world of cybersecurity, GestioIP 3.5.7 has a vulnerability that lets an attacker execute actions through an admin's browser via CSRF. It's like a digital puppeteer show where the admin unknowingly pulls the strings! Keep an eye on those URLs to avoid an unplanned data disaster.
thenimblenerd.com
April 14, 2025 at 4:20 PM
CVE-2024-12709 - WordPress Bulk Me Now CSRF Weakness
CVE ID : CVE-2024-12709
Published : Jan. 30, 2025, 6:15 a.m. | 5 hours, 4 minutes ago
Description : The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to...
CVE-2024-12709 - WordPress Bulk Me Now CSRF Weakness
The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
cvefeed.io
January 30, 2025 at 11:24 AM
AlfredoCRSF (1.0.0) for arduino by Jacob Williams
➡️ https://github.com/AlfredoSystems/AlfredoCRSF
CRSF serial protocol Arduino library
GitHub - AlfredoSystems/AlfredoCRSF: Arduino CRSF library for ELRS
Arduino CRSF library for ELRS. Contribute to AlfredoSystems/AlfredoCRSF development by creating an account on GitHub.
github.com
January 18, 2024 at 8:30 PM
ID: CVE-2024-51649
CVSS V3.1: HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Patrick Lumumba Mobilize allows Stored XSS. This issue affects Mobilize: from n/a through 3.0.7.
#security #infosec #cve-alert
nvd.nist.gov
November 19, 2024 at 5:18 PM
ID: CVE-2024-51648
CVSS V3.1: HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Hands, Inc e-shops allows Reflected XSS. This issue affects e-shops: from n/a through 1.0.3.
#security #infosec #cve-alert
nvd.nist.gov
November 19, 2024 at 5:18 PM
Browsers treat developers like children. True client-side apps in HTML5 are going to require a serious rethink of CSRF "protections"
November 23, 2024 at 9:27 AM