CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/01 9:16 p.m.•16 views

CVE-2026-49139

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7CVSS0.00382EPSS

NVD•added 2026/06/01 9:16 p.m.•13 views

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS0.00294EPSS

Exploits0References6

Vulnrichment•added 2026/06/01 9:0 p.m.•6 views

CVE-2018-25435 ZeusCart 4.0 Deactivate Customer Accounts CSRF

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages...

6.9CVSS5.7AI score0.00156EPSS

CVE•added 2026/06/01 9:0 p.m.•11 views

CVE-2018-25435

CVE-2018-25435 describes a cross-site request forgery (CSRF) in ZeusCart 4.0 that allows an attacker to perform unauthorized admin actions on behalf of a victim. Specifically, by convincing a logged-in admin to visit attacker-controlled pages, requests to the regstatus endpoint with action=deny c...

6.9CVSS5.7AI score0.00156EPSS

EUVD•added 2026/06/01 7:59 p.m.•12 views

EUVD-2026-33761

The DeepAI endpoint 'https://api.deepai.org/changeuseremail' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacker can change the user's email address and take over their account. Fixed on 2026-05-20...

Cvelist•added 2026/06/01 7:59 p.m.•28 views

CVE-2026-49433 DeepAI api.deepai.org/change_user_email CSRF

5CVSS0.00107EPSS

Vulnrichment•added 2026/06/01 7:59 p.m.•13 views

CVE-2026-49433 DeepAI api.deepai.org/change_user_email CSRF

CVE•added 2026/06/01 7:59 p.m.•20 views

CVE-2026-49433

The CVE affects DeepAI’s endpoint https://api.deepai.org/change_user_email, where POST requests lack CSRF protection. An attacker could lure a logged-in user to visit a malicious link, enabling the attacker to change the user’s email address and potentially take over the account. The issue is mit...

ATTACKERKB•added 2026/06/01 7:59 p.m.•8 views

CVE-2026-49433

ATTACKERKB•added 2026/06/01 7:50 p.m.•9 views

CVE-2026-49139

EUVD•added 2026/06/01 7:50 p.m.•10 views

Exploits0References5

EUVD-2026-33759

Vulnrichment•added 2026/06/01 7:50 p.m.•8 views

CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning

Cvelist•added 2026/06/01 7:50 p.m.•27 views

CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning

7CVSS0.00382EPSS

CVE•added 2026/06/01 7:50 p.m.•20 views

CVE-2026-49139

Summary: Nanobot before 0.2.1 contains a server-side request forgery (SSRF) in the Microsoft Teams channel handler, enabling attackers to exfiltrate Bot Framework bearer tokens. By sending a forged inbound activity with an attacker-controlled serviceUrl, an adversary can poison the stored convers...