Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 12:37 p.m.5 views

CVE-2026-4325

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS5.9AI score0.0025EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53106

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/12 11:15 a.m.25 views

CVE-2022-0141 Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks...

8.2AI score0.00453EPSS
Exploits1References2
Patchstack
Patchstack
added 2022/04/11 12:0 a.m.34 views

WordPress Visual Form Builder plugin <= 3.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Entries Deletion/Restoration

Cross-Site Request Forgery CSRF vulnerability leading to Entries Deletion/Restoration discovered by Vishnupriya Ilango in WordPress Visual Form Builder plugin versions = 3.0.7. Solution Update the WordPress Visual Form Builder plugin to the latest available version at least 3.0.8...

8.1CVSS3.1AI score0.00453EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/11 12:0 a.m.23 views

Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks PoC Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries=trash=2 Since entry permanent deletion:...

8.1CVSS1.8AI score0.00453EPSS
Exploits1References1Affected Software1
wpexploit
wpexploit
added 2022/04/11 12:0 a.m.125 views

Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries&action=trash&entry=2 Since entry permanent deletion:...

8.1CVSS1.1AI score0.00453EPSS
Exploits1References1
Rows per page
Query Builder