89744 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-62718)
Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container for HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...
CVE-2026-5791
Cross-Site request forgery CSRF vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...
Security Bulletin: Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915).
Summary Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities...
CVE-2026-5791
Cross-Site request forgery CSRF vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...
CVE-2026-5791 CSRF in DivvyDrive Information Technologies' DivvyDrive
Cross-Site request forgery CSRF vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...
CVE-2026-5791 CSRF in DivvyDrive Information Technologies' DivvyDrive
Cross-Site request forgery CSRF vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...
CVE-2026-5791
DivvyDrive CSRF (Cross-Site Request Forgery) vulnerability (CVE-2026-5791) affects DivvyDrive Software prior to 4.8.3.2 (versions starting 4.8.2.9). Root cause is CSRF; impact is information-agnostic, with high integrity impact per the entry. Remediation: upgrade to version 4.8.3.2 or later. Expl...
EUVD-2026-28343
Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...
CVE-2026-41644
monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...
CVE-2026-41644 monetr is vulnerable to server-side request forgery in Lunch Flow link creation and refresh
monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...
CVE-2026-41644
monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...
CVE-2026-41644 monetr is vulnerable to server-side request forgery in Lunch Flow link creation and refresh
monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...
CVE-2026-41644
CVE-2026-41644 – SSRF in monetr Lunch Flow : The vulnerability occurs in the Lunch Flow link creation/refresh endpoint (POST /api/lunch_flow/link) of self-hosted monetr installations where LunchFlow.Enabled is true and sign-ups are allowed. An authenticated user can cause the server to fetch arbi...
CVE-2026-27415
Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...
CVE-2026-27415 WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...
CVE-2026-27415 WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...
CVE-2026-27415
Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...
WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by benzdeus in WordPress Plugin BEAR versions = 1.1.5...
EUVD-2025-209718
Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the process handling incoming requests. An attacker can perform unauthorized actions on behalf of an authenticated user by tricking them into submitting a crafted request. Remediation Upgrade...