Lucene search
K

22189 matches found

CVE
CVE
added yesterday3 views

CVE-2026-58477

SIP (Sustainable Irrigation Platform) up to version 5.2.16 contains a mass assignment flaw where the value-setting interface copies every HTTP parameter into internal settings without whitelisting. This enables unauthenticated attackers to overwrite sensitive configuration such as the passphrase ...

8.8CVSS6.1AI score
Exploits2References2Affected Software1
Nuclei
Nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday16 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7AI score0.0161EPSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-11563

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS0.00109EPSS
Exploits0References1
Zero Science Lab
Zero Science Lab
added yesterday28 views

SIP Sustainable Irrigation Platform 5.x CSRF Disable Passphrase Authorization

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.1CVSS6.1AI score
Exploits2
Zero Science Lab
Zero Science Lab
added yesterday27 views

SIP Sustainable Irrigation Platform 5.x (cv) Settings Mass Assignment

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

8.8CVSS6.1AI score
Exploits2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-58489 HedgeDoc: CSRF in GitHub Gist export callback

HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export flow created an OAuth2 state value but only checked that it was present rather than validating it against the value expected for the user's session. Because the state was not...

6.8CVSS0.00126EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-61502

CVE-2026-61502 affects Rejetto HFS versions 3.0.0 through 3.2.0. The root cause is that state-changing API requests can be issued via GET and are exempt from the anti-CSRF header check, enabling a remote attacker to perform administrative actions (e.g., account creation, configuration changes) an...

5.1CVSS6.4AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-61502 Rejetto HFS < 3.2.1 Cross-Site Request Forgery via GET Requests

Rejetto HFS 3.0.0 through 3.2.0 accepts state-changing API requests via the GET method and exempts GET requests from its anti-CSRF header check. A remote attacker can perform administrative actions including account creation and configuration changes leading to code execution - by causing a...

5.1CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-57786

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through = 1.7.08...

8.8CVSS0.00164EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-61956

The CVE-2026-61956 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin sync-basalam (ووسلام – همگام سازی ووکامرس و باسلام) up to version 1.9.1. Affected component: the plugin’s CSRF handling exposes an attack surface enabling unauthorized actions initiated by...

7.1CVSS6.1AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-61956 WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in hamsalam ووسلام همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام همگام سازی ووکامرس و باسلام: from n/a through = 1.9.1...

7.1CVSS0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57786 WordPress WorkScout-Core plugin <= 1.7.08 - Cross Site Request Forgery (CSRF) to Broken Authentication vulnerability

Cross-Site Request Forgery CSRF vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects WorkScout-Core: from n/a through = 1.7.08...

8.8CVSS0.00164EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2 days ago40 views

Cisco IOS Cross-Site Request Forgery Vulnerability

Cisco IOS 12.4 contains multiple cross-site forgery vulnerabilities that allows remote attackers to execute arbitrary commands via 1 a certain "show privilege" command to the /level/15/exec/- URI, and 2 a certain "alias exec" command to the /level/15/exec/-/configure/http URI...

9.3CVSS6.3AI score0.23857EPSS
In wildExploits1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43075

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

6.1AI score0.00118EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-55883

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS0.00222EPSS
Exploits0References4
NVD
NVD
added 5 days ago5 views

CVE-2026-13243

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS0.0009EPSS
Exploits0References1
OSV
OSV
added 5 days ago2 views

CVE-2026-15080 Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

4.3CVSS6.1AI score0.00118EPSS
Exploits0References5
CVE
CVE
added 5 days ago12 views

CVE-2026-15080

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

4.3CVSS6.1AI score0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

0.0009EPSS
Exploits0References1
Rows per page
Query Builder