Lucene search
K

22007 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-41813

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS5.5AI score
Exploits0References7
NVD
NVD
added 2 hours ago4 views

CVE-2026-14800

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS
Exploits0References6
CVE
CVE
added 5 hours ago7 views

CVE-2026-14800

Technical details (affected versions, root cause, exploit specifics) are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.5AI score
Exploits0References6
EUVD
EUVD
added 10 hours ago8 views

EUVD-2026-41784

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7.1AI score0.01671EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7.2AI score0.04184EPSS
Exploits3References2
NVD
NVD
added 2 days ago6 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

0.00131EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

0.00151EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago24 views

CVE-2026-12746 Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

0.00151EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-41686

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

5.9AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-55719

Name of the Vulnerable Software and Affected Versions Dancer2::Plugin::Auth::OAuth::Provider versions prior to 0.23 Description The software fails to support the OAuth 2.0 state parameter. The authentication url method creates a provider authorization redirect without a state value, and the...

5.9AI score0.00151EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-55718

Name of the Vulnerable Software and Affected Versions Plack::Middleware::OAuth versions prior to 0.11 Description Plack::Middleware::OAuth for Perl fails to support the OAuth 2.0 state parameter. The RequestTokenV2 function builds the provider authorization redirect without issuing a state value,...

5.9AI score0.00131EPSS
Exploits0References8
CVE
CVE
added 3 days ago20 views

CVE-2026-14620

webpack-dev-server prior to 5.2.6 exposes two internal endpoints (/webpack-dev-server/open-editor and /webpack-dev-server/invalidate) that perform state-changing actions on any GET request without origin verification. This enables cross-origin interactions when a user visits any website while the...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-57766

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-57761

Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...

7.1CVSS0.00094EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57759

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57758

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS0.00094EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57751

Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...

8.1CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-57747

Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...

6.5CVSS0.00124EPSS
Exploits0References1
Rows per page
Query Builder