
10 matches found

ATTACKERKB
added 2026/05/17 12:12 p.m. | 10 views

CVE-2018-25334

Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 3 | Affected software: 1
Vulnrichment
added 2026/05/11 8:44 p.m. | 7 views

CVE-2026-43884 WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()

WWBN AVideo is an open source video platform. In versions up to and including 29.0, two endpoints plugin/AI/receiveAsync.json.php and objects/EpgParser.php in AVideo call isSSRFSafeURL to validate user-supplied URLs, then fetch them using bare file_get_contents without disabling PHP's automatic...

CVSS: 7.7 | AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 2
EUVD
added 2026/05/04 5:24 p.m. | 4 views

EUVD-2026-27067

goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler httpserver/updown.go lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: * on the OPTIONS...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00024
Exploits: 2 | References: 3
OSV
added 2026/04/17 9:15 a.m. | 1 view

OPENSUSE-SU-2026:20586-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well as a recently reported security...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00051
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/16 4:15 p.m. | 7 views

Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding

Executive Summary: A critical library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic verify_hash, responsible for validating the at_hash (Access Token Hash) and c_hash...

CVSS: 8.2 | AI score: 5.9 | EPSS: 0.00029
Exploits: 1 | References: 5 | Affected software: 1
CVE
added 2026/02/24 2:45 a.m. | 25 views

CVE-2026-27129

CVE-2026-27129 affects Craft CMS, where the SSRF protection in the GraphQL Asset mutation (versions 4.5.0-RC1–4.16.18 and 5.0.0-RC1–5.8.22) is bypassed due to using gethostbyname(), which only resolves IPv4. If a host has only IPv6 (AAAA) records, the function returns the hostname, causing blockl...

CVSS: 7.1 | AI score: 5.2 | EPSS: 0.00011
Exploits: 1 | References: 3 | Affected software: 1
Vulnrichment
added 2026/01/15 7:28 p.m. | 3 views

CVE-2026-23622 CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover

Easy!Appointments is a self-hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...

CVSS: 8.7 | AI score: 6.4 | EPSS: 0.00014
Exploits: 1 | References: 1
CNNVD
added 2023/03/17 12:00 a.m. | 2 views

Discourse Code Issue Vulnerability

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A code issue vulnerability exists in Discourse. An attacker can exploit this vulnerability to bypass server-side request forgery (SSRF) protection using IPv4-mapped IPv6...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00249
Exploits: 0 | References: 4
CNVD
added 2018/04/09 12:00 a.m. | 1 view

Elevation of Privilege Vulnerability in CMS Made Simple

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engines. An elevation of privilege vulnerability exists in CMS Made Simple. An attacker can exploit the vulnerability to bypass anti-forgery checks on data and gain access to backend...

AI score: 7.2
Exploits: 0
Packet Storm
added 2016/02/25 12:00 a.m. | 33 views

Ubiquiti Networks UniFi 3.2.10 Cross Site Request Forgery

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Ubiquiti Networks UniFi Vendor URL: www.ubnt.com Type: Cross-Site Request Forgery CWE-353 Date found: 2015-03-19 Date published: 2016-02-23 CVSSv3 Score: 6.3...

AI score: 0.2
Exploits: 0