Lucene search

8 matches found

CVE
added yesterday | 12 views

CVE-2026-53663

React Router (v7 Framework Mode) is affected in versions 7.12.0–7.15.0 where CSRF checks run on POST but not on PUT/PATCH/DELETE; this could enable cross-origin state changes. The issue is considered low severity due to browser protections (CORS preflight, SameSite cookies). It has been fixed in ...

CVSS 3.1 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 1
Cvelist
added yesterday | 16 views

CVE-2026-53663 React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient: they ran on POST requests but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

CVSS 3.1 | EPSS 0.00016
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:36 p.m. | 5 views

CVE-2026-41317

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to the database and is also accessible via the GET method. The patch in commit...

CVSS 8.7 | AI score 5.5 | EPSS 0.00132
Exploits: 0 | References: 1
NVD
added 2026/04/24 3:16 a.m. | 2 views

CVE-2026-41317

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to the database and is also accessible via the GET method. The patch in commit...

CVSS 8.7 | EPSS 0.00132
Exploits: 0 | References: 2
VulnCheck KEV
added 2025/07/14 12:00 a.m. | 16 views

VulnCheck KEV: CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication ...

CVSS 6.8 | AI score 6.5 | EPSS 0.79415
In wild | Exploits: 31 | References: 2
Tenable Nessus
added 2016/04/22 12:00 a.m. | 21 views

Fedora 22 : glpi-0.90.3-1.fc22 (2016-657a4a658e)

Version 0.90.3: security update to prevent a minor vulnerability; fix issues with post-only ticket form. See changelog for more details. Version 0.90.2: include bugfixes and some minor features: an alert in central page when some of your mysql tables are marked as crashed; a better flexibility i...

AI score 5.5
Exploits: 0 | References: 3
Tenable Nessus
added 2016/04/22 12:00 a.m. | 18 views

Fedora 24 : glpi-0.90.3-1.fc24 (2016-9db4add326)

Version 0.90.3: security update to prevent a minor vulnerability; fix issues with post-only ticket form. See changelog for more details. Version 0.90.2: include bugfixes and some minor features: an alert in central page when some of your mysql tables are marked as crashed; a better flexibility i...

AI score 5.5
Exploits: 0 | References: 3
Tenable Nessus
added 2016/04/22 12:00 a.m. | 14 views

Fedora 23 : glpi-0.90.3-1.fc23 (2016-a099d11840)

Version 0.90.3: security update to prevent a minor vulnerability; fix issues with post-only ticket form. See changelog for more details. Version 0.90.2: include bugfixes and some minor features: an alert in central page when some of your mysql tables are marked as crashed; a better flexibility i...

AI score 5.5
Exploits: 0 | References: 3