Lucene search
+L

22246 matches found

CVE
CVE
added 2 days ago15 views

CVE-2026-15005

The CVE-2026-15005 issue affects the WordPress Loco Translate plugin (versions up to and including 2.8.5). Root cause: missing or incorrect nonce validation in execTemplate enables a CSRF that can bypass path validation and pass a php://filter URI to the include sink via a forged request. This ca...

8.8CVSS6.3AI score0.00211EPSS
Exploits0References10
NVD
NVD
added 2 days ago8 views

CVE-2026-11866

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

5.4CVSS0.00095EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-11866 LatePoint < 5.6.3 - Multiple Privileged Actions via CSRF

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

0.00095EPSS
Exploits0References1
NVD
NVD
added 2 days ago12 views

CVE-2026-12409

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...

4.3CVSS0.00129EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago39 views

CVE-2026-12409 Landing Page Builder <= 1.5.3.6 - Cross-Site Request Forgery to ulpb_admin_data AJAX Action

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...

4.3CVSS0.00129EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44843

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS6.2AI score0.00224EPSS
Exploits1References3
NVD
NVD
added 3 days ago7 views

CVE-2026-26718

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS0.00224EPSS
Exploits1References2
NVD
NVD
added 3 days ago5 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score0.0017EPSS
Exploits0References2Affected Software2
OSV
OSV
added 3 days ago4 views

CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS6.1AI score0.0016EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-15747

A flaw was found in Mojolicious. This vulnerability exposes a stable representation of the session Cross-Site Request Forgery CSRF token to a BREACH compression oracle. When a web server response containing the token is gzip-compressed and also echoes attacker-controlled input, an attacker can us...

9.1CVSS6AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-26718

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

0.00224EPSS
Exploits1References2
CVE
CVE
added 3 days ago4 views

CVE-2026-26718

CVE-2026-26718 – xxl-job-admin 3.0.0 CSRF flaw . A Cross-Site Request Forgery exists in the xxl-job-admin web application (v3.0.0) that enables an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitra...

9.1CVSS6.2AI score0.00224EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-60330

Name of the Vulnerable Software and Affected Versions xxl-job-admin version 3.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web application. This occurs because a specific endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods through a permissive...

6.2AI score0.00224EPSS
Exploits1References4
Packet Storm
Packet Storm
added 3 days ago19 views

📄 xxl-job Cross Site Request Forgery

xxl-job versions prior to 3.4.0 suffer from a cross site request forgery vulnerability. Description Summary A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The...

9.1CVSS5.7AI score0.00224EPSS
Exploits1
NVD
NVD
added 4 days ago6 views

CVE-2026-52100

Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to execute arbitrary code via the uploadPutHandler function...

7.5CVSS0.00313EPSS
Exploits0References2
CVE
CVE
added 4 days ago4 views

CVE-2026-58477

SIP (Sustainable Irrigation Platform) up to version 5.2.16 contains a mass assignment flaw where the value-setting interface copies every HTTP parameter into internal settings without whitelisting. This enables unauthenticated attackers to overwrite sensitive configuration such as the passphrase ...

8.8CVSS6.1AI score0.00357EPSS
Exploits2References2Affected Software1
CVE
CVE
added 4 days ago6 views

CVE-2026-58476

Sustainable Irrigation Platform (SIP) 5.2.16 is affected by a CSRF vulnerability that allows a remote attacker to trigger state-changing administrative actions by enticing a logged-in administrator to visit a malicious page. The issue arises because HTTP GET requests lack CSRF token validation or...

8.1CVSS6.1AI score0.00228EPSS
Exploits2References2Affected Software1
NVD
NVD
added 4 days ago7 views

CVE-2026-11563

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-58293

Name of the Vulnerable Software and Affected Versions Mojolicious versions 4.59 through 9.47 Description The software exposes a stable representation of the session CSRF token to a BREACH compression oracle. This occurs because the csrf token function generates and caches one token per session,...

9.1CVSS6.1AI score0.00248EPSS
Exploits0References10
Rows per page
Query Builder