Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/04/17 3:31 p.m.6 views

PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS5.6AI score0.00165EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/17 1:18 p.m.33 views

CVE-2026-40458 Cross-Site Request Forgery in PAC4J

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 1:18 p.m.5 views

CVE-2026-40458

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS5.6AI score0.00165EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.41 views

pac4j 安全漏洞

pac4j is a simple yet powerful Java security engine developed by pac4j OpenSource. It is used to authenticate users, retrieve their configuration files, and manage authorizations, thereby protecting web applications and web services. There were security vulnerabilities in versions of pac4j before...

7CVSS5.9AI score0.00165EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-0658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer. CVE-2016-0658 Note that...

5.5CVSS6.2AI score0.00815EPSS
Exploits0References2
OSV
OSV
added 2024/01/03 6:15 a.m.3 views

CVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admininit in all versions up to, and including, 5.7.9. Th...

5.4CVSS7.2AI score0.00478EPSS
Exploits0References4
CNVD
CNVD
added 2016/04/22 12:0 a.m.5 views

Oracle MySQL Server: Optimizer Subcomponent Denial of Service Vulnerability (CNVD-2016-02496)

Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in the Server: Optimizer subcomponent of Oracle MySQL 5.7.10 and earlier versions, which can be exploited by a local attacker to cause a denial of service and impact data availability...

5.5CVSS6AI score0.00815EPSS
Exploits0References1
Rows per page
Query Builder