CVE-2026-45430

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

EUVD-2026-29369

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

CVE-2026-0502

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

CVE-2026-0502 Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

CVE-2026-0502 Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

CVE-2026-0502

The CVE-2026-0502 entry concerns SAP BusinessObjects Business Intelligence Platform with a CSRF protection flaw. An authenticated user can be tricked into sending unintended requests to the web server, leading to low impact on integrity and availability and no confidentiality impact. Public detai...

CVE-2026-0502

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

PT-2026-39917

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

WordPress plugin Tm – WordPress Redirection 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Backdrop CMS Salesforce 跨站请求伪造漏洞

Backdrop CMS Salesforce is a data synchronization extension module developed by Backdrop CMS Inc. for integration with the Salesforce platform. Versions of Backdrop CMS Salesforce prior to 1.x-1.0.1 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from improper us...

PT-2026-39967

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

WordPress plugin Zawgyi Embed 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-40251

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

PT-2026-39971

The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

PT-2026-39972

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification via check admin referer or wp verify nonce in the...

JunoClaw 代码问题漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions of JunoClaw prior to 0.x.y-security-1 contained code vulnerabilities. These vulnerabilities stemmed from the computeDataVerify function in the WAVS bridge, which did not validate the protocol, port, or parse the IP...

WordPress plugin Skysa Text Ticker App 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Pandora FMS 跨站请求伪造漏洞

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. Version 777 to 800 of Pandora FMS has a cross-site request forgeing vulnerability. This vulnerability stems from...

WordPress plugin WP-Redirection 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...