Lucene search
K

10 matches found

OSV
OSV
added 2026/03/18 9:33 p.m.3 views

CVE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...

4.3CVSS6AI score0.00306EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11711

Malware in sbrugna...

4.3CVSS4.7AI score0.00453EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.10 views

CVE-2021-24799

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS6.7AI score0.00453EPSS
Exploits2References1
CNVD
CNVD
added 2021/11/04 12:0 a.m.21 views

WordPress Far Future Expiry Header plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Far Future Expiry Header plugin is vulnerable to cross-site request forgery, which stems from the lack of a vali...

4.3CVSS1.7AI score0.00453EPSS
Exploits2References1
NVD
NVD
added 2021/11/01 9:15 a.m.27 views

CVE-2021-24799

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS0.00453EPSS
Exploits2References1
OSV
OSV
added 2021/11/01 9:15 a.m.3 views

CVE-2021-24799

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00453EPSS
Exploits2References1
Prion
Prion
added 2021/11/01 9:15 a.m.14 views

Cross site request forgery (csrf)

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS4.5AI score0.00453EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/11/01 8:46 a.m.47 views

CVE-2021-24799

The CVE-2021-24799 entry concerns the WordPress plugin Far Future Expiry Header (versions

4.3CVSS4.4AI score0.00453EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/01 8:46 a.m.27 views

CVE-2021-24799 Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.9AI score0.00453EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/10/04 12:0 a.m.21 views

WordPress Far Future Expiry Header plugin <= 1.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress Far Future Expiry Header plugin versions = 1.4. Solution Update the WordPress Far Future Expiry Header plugin to the latest available version...

4.3CVSS2.2AI score0.00453EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder