3 matches found
CVE-2026-40458
CVE-2026-40458 is a CSRF vulnerability in PAC4J. A malicious site can cause a user’s browser to submit forged requests with a token whose hash collides with the victim’s legitimate CSRF token, without needing the token or its hash in advance. The root cause involves collisions in the deterministi...
CVE-2024-8927
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...
PT-2022-3081 · Saia Burgess Controls · Pcd
Name of the Vulnerable Software and Affected Versions: Saia Burgess Controls SBC PCD through 2022-05-06 Description: The issue is related to the use of an insecure algorithm for hashing passwords in the S-Bus protocol implementation of the Saia Burgess Controls SBC PCD controllers. This allows an...