Lucene search
K

22114 matches found

CVE
CVE
added yesterday7 views

CVE-2026-61502

CVE-2026-61502 affects Rejetto HFS versions 3.0.0 through 3.2.0. The root cause is that state-changing API requests can be issued via GET and are exempt from the anti-CSRF header check, enabling a remote attacker to perform administrative actions (e.g., account creation, configuration changes) an...

5.1CVSS6.4AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-57786

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through = 1.7.08...

8.8CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-61956 WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in hamsalam ووسلام همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام همگام سازی ووکامرس و باسلام: from n/a through = 1.9.1...

7.1CVSS0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57786 WordPress WorkScout-Core plugin <= 1.7.08 - Cross Site Request Forgery (CSRF) to Broken Authentication vulnerability

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through = 1.7.08...

8.8CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-61956

The CVE-2026-61956 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin sync-basalam (ووسلام – همگام سازی ووکامرس و باسلام) up to version 1.9.1. Affected component: the plugin’s CSRF handling exposes an attack surface enabling unauthorized actions initiated by...

7.1CVSS6.1AI score0.0016EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday15 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7AI score0.0161EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43075

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

6.1AI score0.00119EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-55883

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS0.00222EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-13243

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS0.00097EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-15080

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

4.3CVSS6.1AI score0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

0.00097EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42907

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS6.1AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS0.00308EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-38057

The CVE-2026-38057 entry affects the iDirect iQ200 series. The issue is CSRF on state-changing API endpoints, specifically the /api/reboot POST endpoint, which accepts requests authenticated only by a session cookie that lacks the SameSite attribute. A remote attacker can lure an authenticated ad...

8.1CVSS6.1AI score0.00308EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42848

The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the resetcredential function, which handles the...

4.3CVSS6AI score0.00168EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-6440

The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the resetcredential function, which handles the...

4.3CVSS6AI score0.00168EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-6440 GoodMeet <= 1.1.8 - Cross-Site Request Forgery to Google Meet Credential Reset via 'goodmeet_reset_google_meet_credential'

The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the resetcredential function, which handles the...

4.3CVSS0.00168EPSS
Exploits0References8
NVD
NVD
added 4 days ago5 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS0.00259EPSS
Exploits0References6
CVE
CVE
added 4 days ago12 views

CVE-2026-15070

The CVE covers the WordPress plugin “Salon Booking System – Free Version.” All versions up to and including 10.30.32 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in setCustomText, allowing unauthenticated attackers to inject PHP into translate-constants.p...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References6
Rows per page
Query Builder