| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings. |
| A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated. |
| In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value. |
| Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images woocommerce-products-without-featured-images allows Reflected XSS.This issue affects WooCommerce Products without featured images: from n/a through <= 0.1. |
| Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe ultimate-subscribe allows Reflected XSS.This issue affects Ultimate Subscribe: from n/a through <= 1.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in julian.weinert cSlider cslider allows Cross Site Request Forgery.This issue affects cSlider: from n/a through <= 2.4.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in shibulijack CJ Change Howdy cj-change-howdy allows Cross Site Request Forgery.This issue affects CJ Change Howdy: from n/a through <= 3.3.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Nikel Cookie Scanner cookie-scanner allows Cross Site Request Forgery.This issue affects Cookie Scanner: from n/a through <= 1.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through <= 2.0.22. |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions. |
| Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through <= 4.5.4. |
| Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php |
| Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery.This issue affects Simple Content Templates for Blog Posts & Pages: from n/a through <= 2.2.61. |
