Lucene search
+L

22242 matches found

NVD
NVD
added 2026/07/10 4:17 a.m.5 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS0.00259EPSS
Exploits0References6
CVE
CVE
added 2026/07/10 3:31 a.m.12 views

CVE-2026-15070

The CVE covers the WordPress plugin “Salon Booking System – Free Version.” All versions up to and including 10.30.32 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in setCustomText, allowing unauthenticated attackers to inject PHP into translate-constants.p...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/10 3:31 a.m.11 views

CVE-2026-15070

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...

8.8CVSS6.7AI score0.00259EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/10 12:31 a.m.9 views

EUVD-2026-42736

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
CVE
CVE
added 2026/07/09 10:33 p.m.21 views

CVE-2026-44342

CVE-2026-44342 describes a CSRF vulnerability in the New API where GET requests on state-changing endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind could allow an attacker to bind an email or OAuth identity for a logged-in user when session cookies are susceptible to cross-site n...

5.3CVSS5.8AI score0.00189EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/09 10:4 p.m.31 views

CVE-2026-58143 Cotonti Siena 0.9.26 CSRF via admin.php Config Update Endpoint

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/09 10:4 p.m.8 views

CVE-2026-58143 Cotonti Siena 0.9.26 CSRF via admin.php Config Update Endpoint

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.3AI score0.00175EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:4 p.m.6 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/09 7:32 p.m.5 views

WordPress GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin <= 1.1.8 - Cross-Site Request Forgery to Google Meet Credential Reset vulnerability

Cross-Site Request Forgery to Google Meet Credential Reset vulnerability discovered by Legion Hunter in WordPress Plugin GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference versions = 1.1.8...

4.3CVSS6.1AI score0.00168EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/09 3:29 p.m.6 views

WordPress Salon Booking System – Free Version plugin <= 10.30.32 - Cross-Site Request Forgery to Remote Code Execution vulnerability

Cross-Site Request Forgery to Remote Code Execution vulnerability discovered by Afifudin Maarif in WordPress Plugin Salon booking system versions = 10.30.32...

8.8CVSS6.1AI score0.00259EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/09 11:16 a.m.10 views

CVE-2026-4275

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS0.00187EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/09 9:31 a.m.7 views

EUVD-2026-42563

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/09 9:31 a.m.31 views

CVE-2026-4275 Divi Torque Lite <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Installation via 'install_plugin' REST Endpoint

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS0.00187EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:31 a.m.7 views

CVE-2026-4275

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References9
CVE
CVE
added 2026/07/08 9:29 p.m.13 views

CVE-2026-5923

CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.

6CVSS5.9AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 9:29 p.m.34 views

CVE-2026-5923 Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 2:16 p.m.8 views

CVE-2026-15034

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS0.00222EPSS
Exploits0References9
CVE
CVE
added 2026/07/08 1:30 p.m.13 views

CVE-2026-15034

CVE-2026-15034 affects the Flask-MonitoringDashboard component of the Flask-dashboard project up to version 5.0.2. The issue is described as a cross-site request forgery (CSRF) affecting an unknown functionality, with the attack potentially executable remotely. Public exploit information is indic...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/08 1:30 p.m.5 views

EUVD-2026-42238

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/08 1:30 p.m.31 views

CVE-2026-15034 flask-dashboard Flask-MonitoringDashboard cross-site request forgery

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS0.00222EPSS
Exploits0References9
Rows per page
Query Builder