Lucene search
+L

10337 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-31014

Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery CSRF. The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...

6.3CVSS5.5AI score0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.7 views

CVE-2026-8409

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS5.5AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8434

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8435

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks...

6.5CVSS5.5AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.13 views

CVE-2025-68604

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

5.4CVSS5.4AI score0.00092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.13 views

CVE-2026-7561

The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

6.1CVSS5.4AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.4AI score0.00131EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.13 views

CVE-2026-6932

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4118

The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...

4.3CVSS5.3AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.12 views

CVE-2026-45430

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

7.1CVSS5.5AI score0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47069

Name of the Vulnerable Software and Affected Versions Frontend User Notes versions prior to 2.1.2 Description The plugin is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a logged-in user into executing unwanted actions. This occurs due to missing or incorrect nonce...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:32 p.m.8 views

CVE-2026-43985

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose configUpdate as a state-changing administrator endpoint, but the route does not enforce POST and does not use any anti-CSRF token. In the default form and JWT-based authentication mode,...

8.8CVSS5.8AI score0.00146EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.13 views

CVE-2019-25734 Contact Form by WD 1.13.1 CSRF to Local File Inclusion

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...

5.1CVSS5.8AI score0.00887EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 9:16 a.m.22 views

CVE-2026-8422

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS0.00132EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.8 views

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.7AI score0.00131EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.12 views

CVE-2026-8422

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/02 7:48 a.m.12 views

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.45 views

CVE-2026-9730 Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

4.3CVSS0.00131EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 7:48 a.m.23 views

CVE-2026-8422

CVE-2026-8422 concerns the WordPress plugin Remove meta boxes per user role (versions up to and including 1.01). The vulnerability stems from missing or incorrect nonce validation on the remove-meta-boxes-per-user-role page, enabling CSRF. This could allow unauthenticated attackers to modify or r...

4.3CVSS5.7AI score0.00132EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.9 views

CVE-2026-9723

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
Rows per page
Query Builder