55992 matches found
PT-2025-52729
Name of the Vulnerable Software and Affected Versions: Local Deep Research versions 1.3.0 through 1.3.8. Description: The software is an AI-powered research assistant. A flaw exists in the download service download service.py where HTTP requests are made using raw requests.get calls, bypassing the...
PT-2025-52831
Name of the Vulnerable Software and Affected Versions: Zucchetti Axess CLOKI Access Control version 1.64. Description: The software contains a cross-site request forgery condition. This allows attackers to manipulate access control settings without user interaction. Attackers can create malicious we...
PT-2025-52760
Hackers Exploit List-Unsubscribe Header for XSS and SSRF Attacks. The List-Unsubscribe SMTP header can be exploited for XSS and SSRF attacks if not properly validated. Examples include Horde Webmail CVE-2025-68673 allowing JavaScript URIs and Nextcloud Mail risking SSRF. Proper validation,...
ROS-20251223-7316
Vulnerability in Jenkins related to cross-site request forgery. Exploitation of the vulnerability could allow an attacker acting remotely to launch a CSRF attack...
CVE-2025-14273 Mattermost Jira plugin user spoofing enables Jira request forgery.
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <= 4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
CVE-2025-14273
Mattermost with the Jira plugin enabled is affected by CVE-2025-14273. The issue is an improper authentication/authorization flaw in which Mattermost Jira plugin versions <= 4.4.0 fail to enforce authentication and issue-key path restrictions, enabling an unauthenticated attacker who knows a v...
CVE-2025-62107
Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page feather-login-page allows Cross Site Request Forgery. This issue affects Feather Login Page: from n/a through <= 1.1.7...
CVE-2025-62880 WordPress Custom 404 Pro plugin <= 3.12.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery. This issue affects Custom 404 Pro: from n/a through <= 3.12.0...
WordPress Freshchat plugin cross-site request forgery vulnerability
WordPress Freshchat plugin is a tool for integrating live chat functionality on WordPress websites, mainly providing customer support and user interaction features. The WordPress Freshchat plugin suffers from a cross-site request forgery vulnerability that originates from a web application that...
PT-2025-52639
Name of the Vulnerable Software and Affected Versions: PluginOps Feather Login Page versions through 1.1.7. Description: A Cross-Site Request Forgery (CSRF) issue exists in PluginOps Feather Login Page. This allows attackers to perform actions on behalf of an unsuspecting user. Recommendations: Update...
PT-2025-52698
Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x. Description: The software contains a cross-site request forgery issue that may allow attackers to perform administrative actions without user consent. Attackers can create malicious web pages that subm...
CVE-2025-14164
The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...
CVE-2025-14546
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...
CVE-2025-14734 Amazon affiliate lite Plugin <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update
The Amazon affiliate lite Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'ADALsettingspage' function. This makes it possible for unauthenticated attackers to update...
CVE-2025-14164 Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update
The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the qurangatewayoptions function. This makes it possible for unauthenticated attackers to modify the plugin's display settings v...
PT-2025-52540
Name of the Vulnerable Software and Affected Versions: WP DB Booster plugin versions up to and including 1.0.1. Description: The WP DB Booster plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation on the cleanup all AJAX action. An...
GHSA-5993-7P27-66G5 Langflow vulnerable to Server-Side Request Forgery
Vulnerability Overview: Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block...
Langflow vulnerable to Server-Side Request Forgery
Vulnerability Overview: Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block...
WordPress WP DB Booster plugin <= 1.0.1 - Cross-Site Request Forgery to Database Cleanup vulnerability
Cross-Site Request Forgery to Database Cleanup vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP DB Booster versions <= 1.0.1...