7 matches found

Source: Vulnrichment (added 2026/05/21 8:19 p.m.)

CVE-2026-8417 Concrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controller

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/doupdate/. The doupdate method in concrete/controllers/singlepage/dashboard/extend/update.php checks only canInstallPackages before executing upgradeCoreData and upgrade on the named...

CVSS 7.5 | AI score 5.7 | EPSS 0.00027
Exploits: 0 | References: 1
Source: OSV (added 2026/05/05 7:13 p.m.)

GHSA-JW8G-5J46-44RP AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile Photos with Arbitrary Content

Summary objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not end in .json.php, so it is excluded from the project's global autoCSRFGuard...

CVSS 5.4 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 4
Source: OSV (added 2026/04/01 8:48 p.m.)

GHSA-C4XJ-X7P8-3X7Q AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users

Summary The AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token. Because AVideo sets SameSite=None on session cookies, a cross-origin...

CVSS 6.5 | AI score 6 | EPSS 0.00008
Exploits: 1 | References: 4
Source: RedhatCVE (added 2026/01/29 3:18 p.m.)

CVE-2025-59891

Cross-site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

CVSS 8.5 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 1
Source: EUVD (added 2025/10/07 12:30 a.m.)

EUVD-2017-0351

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00198
Exploits: 2 | References: 13
Source: Github Security Blog (added 2025/01/21 8:25 p.m.)

Cross-Site Request Forgery in CodeChecker API

Summary: Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged-in user and use the web API with the same permissions. Details: Security attributes like HttpOnly and SameSite are missing from the session cookie, allowing its use from XHR requests and...

CVSS 8.2 | AI score 8.4 | EPSS 0.00179
Exploits: 1 | References: 4 | Affected Software: 1
Source: OSV (added 2018/02/21 8:29 p.m.)

CVE-2018-7305

MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts...

CVSS 4.9 | AI score 5.9
Exploits: 0 | References: 1