Lucene search
+L

5 matches found

CVE
CVE
added 4 days ago6 views

CVE-2026-58476

Sustainable Irrigation Platform (SIP) 5.2.16 is affected by a CSRF vulnerability that allows a remote attacker to trigger state-changing administrative actions by enticing a logged-in administrator to visit a malicious page. The issue arises because HTTP GET requests lack CSRF token validation or...

8.1CVSS6.1AI score0.00228EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2026/05/12 10:23 p.m.23 views

CVE-2026-42289

CVE-2026-42289 — ChurchCRM CSRF to Admin Privilege Escalation . Prior to version 7.3.2, UserEditor.php processes user creation and permission updates entirely via $_POST without CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an authenticat...

8.8CVSS5.8AI score0.00128EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/22 5:6 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET routes that change state. An attacker can cause authenticated users to unintentionally delete files or create directories by tricking them into visiting a crafted URL, as there is no validatio...

8.1CVSS5.8AI score0.00143EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.8 views

CVE-2026-40581

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint SelectDelete.php performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a...

8.1CVSS5.7AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 1:48 a.m.25 views

CVE-2025-11166

WP Go Maps (formerly WP Google Maps) for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) across all versions up to 9.0.46. The root cause is an AJAX bridge that exposes state-changing REST actions without proper CSRF token validation and GET-accessible destructive logic lacking a per...

5.4CVSS5.5AI score0.00179EPSS
Exploits0References6
Rows per page
Query Builder