2 matches found
CVE-2026-44342
CVE-2026-44342 describes a CSRF vulnerability in the New API where GET requests on state-changing endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind could allow an attacker to bind an email or OAuth identity for a logged-in user when session cookies are susceptible to cross-site n...
Missing Critical Step in Authentication
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to a missing checkaccess call in the installbinding function. An attacker can add, modify, and remove bindings by accessing the...