Lucene search
K

246 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4779

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.02125EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2056

Malicious code in bioql PyPI...

8.8CVSS8AI score0.00679EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-39636

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00226EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2489

Malicious code in bioql PyPI...

8CVSS7.7AI score0.00559EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-21169

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/27 2:43 a.m.6 views

CVE-2025-10752

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter base64 encoded app name without any randomness in the OAuth flow. This makes it possible f...

4.3CVSS5.6AI score0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/26 1:47 a.m.10 views

CVE-2025-10752 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter base64 encoded app name without any randomness in the OAuth flow. This makes it possible f...

4.3CVSS0.00155EPSS
Exploits0References3
CVE
CVE
added 2025/09/26 1:47 a.m.20 views

CVE-2025-10752

CVE-2025-10752 affects the OAuth Single Sign On – SSO (OAuth Client) WordPress plugin. The issue is a Cross‑Site Request Forgery (CSRF) in the OAuth flow caused by a predictable state parameter (base64-encoded app name) that is used during authorization requests. This enables unauthenticated atta...

4.3CVSS5.2AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.7 views

PT-2025-39475

Name of the Vulnerable Software and Affected Versions WordPress OAuth Single Sign On plugin versions prior to 6.26.12 Description The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of utilizing a predictable state...

4.3CVSS6.2AI score0.00155EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/07/31 1:49 p.m.5 views

CVE-2025-40682

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint...

9.8CVSS8.2AI score0.0029EPSS
Exploits0References1
OSV
OSV
added 2025/07/29 1:15 p.m.5 views

CVE-2025-40682

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint...

9.8CVSS5.8AI score0.0029EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/07/23 12:0 a.m.105 views

📄 Invision Community 5.0.7 Cross Site Scripting

Invision Community versions 5.0.7 and below have an issue where user input passed through the state POST parameter to the /oauth/callback/index.php script is not properly sanitized before being used to generate HTML output. This can be exploited by attackers to perform reflected cross site...

6.4AI score
Exploits1
NVD
NVD
added 2025/07/11 5:15 p.m.22 views

CVE-2025-43856

immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow...

7.3CVSS0.00325EPSS
Exploits0References1
CVE
CVE
added 2025/07/11 5:10 p.m.64 views

CVE-2025-43856

The CVE-2025-43856 entry concerns immich, a self-hosted photo/video management solution. Affected versions are prior to 1.132.0. The root cause is that the OAuth2 state parameter is not validated, which defeats CSRF protection. When immich uses the /user-settings page as a redirect URI, an attack...

7.3CVSS7AI score0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/11 5:10 p.m.8 views

CVE-2025-43856 immich allows account hijacking through oauth2

immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow...

7.3CVSS6.4AI score0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/11 5:10 p.m.28 views

CVE-2025-43856 immich allows account hijacking through oauth2

immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow...

7.3CVSS0.00325EPSS
Exploits0References1
OSV
OSV
added 2025/07/11 5:10 p.m.6 views

CVE-2025-43856 immich allows account hijacking through oauth2

immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow...

7.3CVSS6.9AI score0.00325EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:15 a.m.4 views

CVE-2024-30989

Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter...

5.4CVSS7.1AI score0.00442EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:56 a.m.22 views

CVE-2024-42476

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...

6.5CVSS7.3AI score0.00226EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.5 views

CVE-2023-26847

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...

5.4CVSS5.6AI score0.00429EPSS
Exploits0References1
Rows per page
Query Builder