Lucene search
K

10336 matches found

CVE
CVE
added yesterday9 views

CVE-2026-47158

CVE-2026-47158 – Vaultwarden (Rust) : A CSRF flaw in Vaultwarden’s SSO authorization flow prior to 1.36.0 allowed an unauthenticated attacker to induce IdP authentication and redeem tokens for a fully authenticated session. The root causes include: the OAuth state parameter from /connect/authoriz...

8.3CVSS6.1AI score0.00031EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday16 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7AI score0.0161EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-52100

Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to execute arbitrary code via the uploadPutHandler function...

0.00501EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-58489

HedgeDoc prior to v1.11.0 is vulnerable to a CSRF-like flaw in the GitHub Gist export callback. The OAuth2 state value was only checked for presence, not validated against the user session, allowing an attacker to craft a callback URL with their own valid GitHub OAuth code. When a logged-in victi...

6.8CVSS6.1AI score0.00126EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-61956

Cross-Site Request Forgery CSRF vulnerability in hamsalam ووسلام همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام همگام سازی ووکامرس و باسلام: from n/a through = 1.9.1...

7.1CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 3 days ago14 views

CVE-2026-57786

CVE-2026-57786 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WorkScout-Core (purethemes WorkScout-Core) that allows authentication bypass. Affected versions are WorkScout-Core up to and including 1.7.08. The connected sources (NVD and CVE records) confirm the...

8.8CVSS6.1AI score0.00164EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-15080

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

4.3CVSS0.00118EPSS
Exploits0References1
CVE
CVE
added 6 days ago26 views

CVE-2026-13243

CVE-2026-13243 describes a CSRF vulnerability in the Drupal Salesforce Suite where the OAuth handshake during interactive authentication is not properly validated, enabling an attacker to hijack the authorization token and bind the site to the attacker’s Salesforce account. Affected versions are ...

4.8CVSS6.1AI score0.0009EPSS
Exploits0References1
OSV
OSV
added 6 days ago3 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS6.1AI score0.0009EPSS
Exploits0References5
NVD
NVD
added 6 days ago6 views

CVE-2026-6440

The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the resetcredential function, which handles the...

4.3CVSS0.00168EPSS
Exploits0References8
OSV
OSV
added last week4 views

CVE-2026-44342 New API CSRF in email and WeChat account binding endpoints

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS6AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-57002

Name of the Vulnerable Software and Affected Versions Cotonti Siena versions prior to 0.9.27 Description A cross-site request forgery CSRF issue exists where unauthenticated attackers can modify administrator configurations. This occurs because the admin.php config update handler does not invoke...

8.8CVSS6.3AI score0.00175EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/04 5:58 p.m.35 views

CVE-2026-12740 Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

0.00172EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 3:52 a.m.20 views

CVE-2026-58518

The CVE-2026-58518 entry describes a CSRF vulnerability in the MediaWiki RedirectManager Extension prior to version 1.3.3. The affected component is the RedirectManager Extension for MediaWiki; the documented impact is Cross-Site Request Forgery, but no exploitation details, specific vulnerable f...

6.9CVSS5.8AI score0.00088EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/06/30 1:53 p.m.60 views

igracias-audit

🎯 iGracias Security Audit — Telkom University Comprehensive s...

10CVSS7.1AI score0.99999EPSS
Exploits60
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.35 views

CVE-2026-57637 WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...

4.3CVSS0.00107EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 2:17 p.m.4 views

CVE-2026-57305

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57295

A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57290

A cross-site request forgery CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b84449 and earlier allows attackers to overwrite the global job priority configuration...

0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 5:33 a.m.10 views

EUVD-2026-38669

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References6
Rows per page
Query Builder