Vulnrichment (added 2026/03/23 12:16 p.m.)

CVE-2026-31849 Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...

CVSS 7.2 | AI score 5.8 | EPSS 0.00117
Exploits 0 | References 2
ATTACKERKB (added 2026/03/23 12:16 p.m.)

CVE-2026-31849

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...

CVSS 7.2 | AI score 5.8 | EPSS 0.00117
Exploits 0 | References 3 | Affected Software 1
RedhatCVE (added 2026/03/18 8:54 p.m.)

CVE-2026-27978

A CSRF check bypass flaw has been discovered in Next.js. The origin: null was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts such as sandboxed iframes could bypass origin verification instead of being validated as cross-origin...

CVSS 5.3 | AI score 5.6 | EPSS 0.002
Exploits 1 | References 6
OSV (added 2026/03/02 7:16 a.m.)

CVE-2026-3000

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them...

CVSS 9.8 | AI score 6.1 | EPSS 0.00507
Exploits 0 | References 3
EUVD (added 2026/03/02 6:03 a.m.)

EUVD-2026-9147

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them...

CVSS 9.8 | AI score 6.2 | EPSS 0.00507
Exploits 0 | References 3
EUVD (added 2026/03/02 5:59 a.m.)

EUVD-2026-9146

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...

CVSS 9.8 | AI score 6.2 | EPSS 0.00508
Exploits 0 | References 3
CNNVD (added 2026/03/02 12:00 a.m.)

Changing IDExpert Windows Logon Agent security vulnerability

Changing IDExpert Windows Logon Agent is an identity authentication client software developed by Changing, a company based in Taiwan, China. This software is designed to enhance security during Windows login processes. Changing IDExpert Windows Logon Agent contains a security vulnerability that...

CVSS 9.8 | AI score 6.4 | EPSS 0.00507
Exploits 0 | References 3
Positive Technologies (added 2026/03/02 12:00 a.m.)

PT-2026-22547

Name of the Vulnerable Software and Affected Versions: IDExpert Windows Logon Agent, affected versions not specified. Description: IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution issue. Unauthenticated remote attackers can force the system to download arbitrary DLL file...

CVSS 9.8 | AI score 6.3 | EPSS 0.00507
Exploits 0 | References 18
CNNVD (added 2026/02/25 12:00 a.m.)

Talishar cross-site request forgery vulnerability

Talishar is an open-source game client developed by Talishar. Talishar has a cross-site request forgery vulnerability, which stems from the lack of cross-site request forgery protection on key state-changing endpoints. This vulnerability may allow unauthorized operations to occur...

CVSS 3.1 | AI score 5.7 | EPSS 0.00092
Exploits 1 | References 1
Vulnrichment (added 2026/02/24 3:06 p.m.)

CVE-2026-27518 Binardat 10G08-0800GSM Network Switch CSRF

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

CVSS 5.1 | AI score 5.9 | EPSS 0.00102
Exploits 0 | References 2
CVE (added 2026/02/09 9:03 p.m.)

CVE-2026-25812

PlaciPy (version 1.0.0) exposes credentialed CORS and lacks CSRF protection on state-changing endpoints. The connected sources confirm this core issue but do not supply a remediation, exploit details, or vendor-specific mitigations. Practical impact: potential CSRF-style abuse where authenticated...

CVSS 9.3 | AI score 5.5 | EPSS 0.00142
Exploits 0 | References 1 | Affected Software 1
Vulnrichment (added 2026/02/09 9:03 p.m.)

CVE-2026-25812 PlaciPy is Missing CSRF Protection on State-Changing Endpoints

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | AI score 5.5 | EPSS 0.00142
Exploits 0 | References 1
OSV (added 2026/02/09 9:03 p.m.)

CVE-2026-25812 PlaciPy is Missing CSRF Protection on State-Changing Endpoints

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | AI score 5.5 | EPSS 0.00142
Exploits 0 | References 3
Cvelist (added 2026/02/09 9:03 p.m.)

CVE-2026-25812 PlaciPy is Missing CSRF Protection on State-Changing Endpoints

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | EPSS 0.00142
Exploits 0 | References 1
Vulnrichment (added 2026/02/05 12:00 a.m.)

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

AI score 5.8 | EPSS 0.00244
Exploits 1 | References 2
NVD (added 2026/02/03 8:15 p.m.)

CVE-2026-24434

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

CVSS 6.5 | EPSS 0.00146
Exploits 0 | References 2
RedhatCVE (added 2026/01/14 1:22 a.m.)

CVE-2026-0493

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation, an attacker could execute state-changing actions using an inappropriate request type; this deviation from expected request semantics may allow an attacker to trigger unintended actions on...

CVSS 4.3 | AI score 6.8 | EPSS 0.0011
Exploits 0 | References 1
CVE (added 2026/01/13 1:13 a.m.)

CVE-2026-0493

CVE-2026-0493 describes a Cross-Site Request Forgery in the SAP Fiori App Intercompany Balance Reconciliation. The issue could allow an attacker to trigger state-changing actions on behalf of an authenticated user by using an inappropriate request type, with low impact on integrity and no impact ...

CVSS 4.3 | AI score 6.5 | EPSS 0.0011
Exploits 0 | References 2
RedhatCVE (added 2026/01/09 12:24 p.m.)

CVE-2018-14711

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs...

CVSS 6.5 | AI score 6.8 | EPSS 0.00565
Exploits 1 | References 1
curl security advisories (added 2026/01/07 8:00 a.m.)

OpenSSL partial chain store policy bypass

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed, contrary to the user's wishes and expectations. This could make libcur...

CVSS 5.3 | AI score 6.3 | EPSS 0.00629
Exploits 0 | Affected Software 2