19 matches found
CVE-2026-40041
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...
PT-2026-32495
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...
CVE-2026-0832
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
CVE-2026-0832 New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
EUVD-2026-4914
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
CVE-2026-0832
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
CVE-2026-0832 New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
PT-2026-5067
Name of the Vulnerable Software and Affected Versions: New User Approve plugin for WordPress versions up to and including 3.2.2. Description: The New User Approve plugin for WordPress is susceptible to unauthorized data access and modification. This is due to a missing capability check on multiple...
EUVD-2023-33703
Malicious code in bioql PyPI...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the batchForceLogout operation, accessible via the /monitor/online/batchForceLogout endpoint. A user can bypass authorization controls to force another user offline by supplying a different user's ID in the ids...
PT-2023-30650 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum versions through 2.2.6. Description: The issue is related to Cross-Site Request Forgery (CSRF) and Missing Authorization, allowing unauthorized access to functionality not properly constrained by Access Control Lists (ACLs). This can...
CVE-2023-40273
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...
Denial Of Service (DoS)
keycloak-connect is vulnerable to denial of service. Failure to validate JWT signatures on /klogout route allows remote attackers to force logout users and indefinitely deny service to the application using malicious JWTs with NBF values...
CVE-2016-4909
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors...
Weblate: Invalidate session after password reset - hosted website
Hey team, The Hosted Website doesn't invalidate session after the password is reset. It's one of the OWASP recommendations to terminate the session when a password is changed and force the user to re-login. Quote from OWASP: Renew the Session ID After Any Privilege Level Change The session ID mus...
Wolfcms <= 0.75 Multiple Vulnerabilities (CSRF - XSS)
No description provided by source. Exploit Title : Wolfcms <= 0.75 Multiple Vulnerabilities (CSRF - XSS) Date : 22-03-2012 Author : Ivano Binetti...
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting. Exploit Title : Wolfcms <= 0.75 Multiple Vulnerabilities (CSRF - XSS) Date : 22-03-2012 Author : Ivano...
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit Title : Wolfcms <= 0.75 Multiple Vulnerabilities (CSRF - XSS) Date : 22-03-2012 Author : Ivano Binetti http://www.ivanobinetti.com Software link :...
Wolfcms <= 0.75 CSRF / XSS Vulnerabilities
Exploit for php platform in category web applications. Exploit Title : Wolfcms <= 0.75 Multiple Vulnerabilities (CSRF - XSS) Date : 22-03-2012 Author : Ivano Binetti...