Lucene search
K

22017 matches found

CVE
CVE
added 6 hours ago13 views

CVE-2026-58315

CVE-2026-58315 describes a Cross-site request forgery in SEIKO EPSON Web Config. The vulnerability could allow unintended operations when a logged-in user visits a malicious page, as reported by both the NVD entry and CVE records. Connected sources confirm the product area (SEIKO EPSON Web Config...

5.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-42007

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score
Exploits0References2
CVE
CVE
added 8 hours ago9 views

CVE-2026-34171

CVE-2026-34171 affects Coolify prior to 4.0.0-beta.471. The issue is a CSRF-like, state-changing vulnerability on a GET endpoint: GET /invitations/{uuid} can reset the user password to an attacker-known value if a victim visits a crafted invitation URL. This is due to a password-reset being trigg...

8CVSS6AI score
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-14800

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS0.00159EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday20 views

CVE-2026-14800 imhamzaazam ecommerceFlask cross-site request forgery

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS0.00159EPSS
Exploits0References6
CVE
CVE
added yesterday12 views

CVE-2026-14800

Technical details (affected versions, root cause, exploit specifics) are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.5AI score0.00159EPSS
Exploits0References6
EUVD
EUVD
added yesterday5 views

EUVD-2026-41813

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS5.5AI score0.00159EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-14800

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS5.5AI score0.00159EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7.2AI score0.04184EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday14 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7.1AI score0.01671EPSS
Exploits0References3
EUVD
EUVD
added yesterday9 views

EUVD-2026-41784

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score0.001EPSS
Exploits0References2
NVD
NVD
added 2 days ago9 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-59520

Cross-Site Request Forgery CSRF vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16...

4.3CVSS5.9AI score0.001EPSS
Exploits0References2
Patchstack
Patchstack
added 2 days ago6 views

WordPress Index Now plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Index Now versions = 3.0.16...

4.3CVSS5.9AI score0.001EPSS
Exploits0Affected Software1
NVD
NVD
added 3 days ago6 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

8.1CVSS0.00131EPSS
Exploits0References5
NVD
NVD
added 3 days ago5 views

CVE-2026-12746

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

8.1CVSS0.00151EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-12746 Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

0.00151EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41686

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authenticationurl method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting...

5.9AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-55718

Name of the Vulnerable Software and Affected Versions Plack::Middleware::OAuth versions prior to 0.11 Description Plack::Middleware::OAuth for Perl fails to support the OAuth 2.0 state parameter. The RequestTokenV2 function builds the provider authorization redirect without issuing a state value,...

8.1CVSS5.9AI score0.00131EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-55719

Name of the Vulnerable Software and Affected Versions Dancer2::Plugin::Auth::OAuth::Provider versions prior to 0.23 Description The software fails to support the OAuth 2.0 state parameter. The authentication url method creates a provider authorization redirect without a state value, and the...

5.9AI score0.00151EPSS
Exploits0References7
Rows per page
Query Builder