38 matches found
Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance
Summary: Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...
PT-2026-42857
Summary: Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...
Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance
Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth identity...
SUSE CVE-2025-34410
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...
GO-2025-4229 1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality in github.com/1Panel-dev/1Panel
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GHSA-RPR2-4HQJ-HC4Q 1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...
EUVD-2025-202444
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the Change Username process in the settings panel. An attacker can cause a user's account to be locked out by tricking the victim into visiting a malicious webpage while authenticated, which submits a...
CVE-2025-34410
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...
CVE-2025-34410 1Panel CSRF in Change Username Functionality Allows Account Lockout
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...
CVE-2025-34410
1Panel versions 1.10.33–2.0.15 have a CSRF in Change Username under /settings/panel. The endpoint lacks anti-CSRF tokens and Origin/Referer checks, enabling an attacker to submit a username-change request via a malicious page while the victim is authenticated. The victim’s username can be changed...
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...
PT-2025-26552 · Code Projects · Code-Projects Inventory Management System
Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical vulnerability has been found in the code-projects Inventory Management System, affecting the file /changeUsername.php. The manipulation of the user id argument lead...
CVE-2023-46451
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field...
CVE-2023-1459
A vulnerability was found in SourceCodester Canteen Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file changeUsername.php. The manipulation of the argument username leads to SQL injection. The attack may be launched remotely. The...