Lucene search
K

22103 matches found

cvelist
cvelist
added 5 days ago32 views

CVE-2026-9731 Wp Js Detect <= 1.0.9 - Cross-Site Request Forgery to Plugin Settings Update

The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the pluginsettings function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00128EPSS
Exploits0References5
cve
cve
added 5 days ago14 views

CVE-2026-9731

The CVE concerns the WordPress plugin Wp Js Detect (versions up to 1.0.9). Affected component: plugin_settings in the plugin, where missing/incorrect nonce validation enables a Cross-Site Request Forgery (CSRF) . Unauthenticated attackers could forge requests to update the plugin’s settings (wp_n...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References5
ptsecurity
ptsecurity
added 5 days ago6 views

PT-2026-56613

Name of the Vulnerable Software and Affected Versions Monsta FTP versions prior to 2.14.5 Description An unauthenticated attacker can trigger a server-side request forgery SSRF by bypassing an IP blocklist. The issue occurs in the fetchRemoteFile action due to an incomplete check in the isBlocked...

8.6CVSS5.9AI score0.00308EPSS
Exploits0References6
ptsecurity
ptsecurity
added 5 days ago10 views

PT-2026-56660

Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...

6.1AI score0.00119EPSS
Exploits0References3
osv
osv
added 6 days ago10 views

PYSEC-2026-1842 pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints

binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery CSRF via the Flask endpoints...

8.8CVSS5.9AI score0.00223EPSS
Exploits0References6
github
github
added 6 days ago5 views

New API is vulnerable to CSRF through user email binding

Summary The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References3Affected Software1
snyk
snyk
added 6 days ago5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET /api/oauth/email/bind and GET /api/oauth/wechat/bind endpoints. An attacker can alter account binding state by tricking a logged-in user into visiting a crafted link, potentially allowing the...

6CVSS5.9AI score0.00187EPSS
Exploits0References2
snyk
snyk
added 6 days ago5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET /api/oauth/email/bind and GET /api/oauth/wechat/bind endpoints. An attacker can alter account binding state by tricking a logged-in user into visiting a crafted link, potentially allowing the...

6CVSS5.9AI score0.00187EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago32 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
attackerkb
attackerkb
added 6 days ago5 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References3
cve
cve
added 6 days ago19 views

CVE-2026-58315

CVE-2026-58315 describes a Cross-site request forgery in SEIKO EPSON Web Config. The vulnerability could allow unintended operations when a logged-in user visits a malicious page, as reported by both the NVD entry and CVE records. Connected sources confirm the product area (SEIKO EPSON Web Config...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
euvd
euvd
added 6 days ago7 views

EUVD-2026-42007

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago30 views

CVE-2026-34171 Coolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known value

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS0.00146EPSS
Exploits0References3
cve
cve
added 6 days ago13 views

CVE-2026-34171

CVE-2026-34171 affects Coolify prior to 4.0.0-beta.471. The issue is a CSRF-like, state-changing vulnerability on a GET endpoint: GET /invitations/{uuid} can reset the user password to an attacker-known value if a victim visits a crafted invitation URL. This is due to a password-reset being trigg...

8CVSS6AI score0.00146EPSS
Exploits0References3
nvd
nvd
added last week5 views

CVE-2026-59713

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS0.00153EPSS
Exploits0References4
cvelist
cvelist
added last week34 views

CVE-2026-59713 Leantime - OIDC Login CSRF via Unconditional State Verification Stub

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS0.00153EPSS
Exploits0References4
nvd
nvd
added 2026/07/06 8:16 a.m.8 views

CVE-2026-14800

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS0.00159EPSS
Exploits0References6
euvd
euvd
added 2026/07/06 6:0 a.m.5 views

EUVD-2026-41813

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS5.5AI score0.00159EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/06 6:0 a.m.8 views

CVE-2026-14800

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS5.5AI score0.00159EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/06 6:0 a.m.35 views

CVE-2026-14800 imhamzaazam ecommerceFlask cross-site request forgery

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS0.00159EPSS
Exploits0References6
Rows per page
Query Builder