PT-2026-33451

Name of the Vulnerable Software and Affected Versions PAC4J versions prior to 5.7.10 PAC4J versions prior to 6.4.1 Description Cross-Site Request Forgery CSRF occurs when a malicious attacker crafts a website that automatically submits a forged request using a token whose hash collides with the...

Juniper Junos OS Vulnerability (JSA100056)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100056 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge t...

GHSA-PPP5-5V6C-4JWP Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Summary RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This...

CVE-2026-2985

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

MiracleLinux 9 : krb5-1.21.1-4.el9 (AXSA:2024-9084:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9084:07 advisory. freeradius: forgery attack CVE-2024-3596 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

CVE-2025-12416 Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...

CVE-2025-12202

A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been...

EUVD-2025-12477

Malicious code in bioql PyPI...

CVE-2025-8133

ChanCMS up to version 3.1.2 is vulnerable to server-side request forgery in the getArticle function (app/modules/api/service/gather.js) via manipulation of the targetUrl parameter. Remote exploitation is possible and has been disclosed publicly. Upgrading to version 3.1.3 addresses the issue (pat...

ALPINE-CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

CVE-2025-0480

A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely...

CVE-2019-5431

This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter"...

MIT Kerberos 安全漏洞

MIT Kerberos is a Massachusetts Institute of Technology MIT software for authentication in network clusters, U.S.A. Kerberos also serves as a network authentication protocol designed with the goal of providing strong authentication services to client/server applications through a key system. A...

CVE-2025-30144

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...

CVE-2025-30144

CVE-2025-30144 affects the fast-jwt library prior to 5.0.6, where iss validation incorrectly accepts an array of strings as a valid issuer. This permissive check can let an attacker forge a JWT containing an issuer array like [host, https://valid-iss], which may be accepted by verifiers (especial...

krb5 security update

An update is available for krb5. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of...

RLSA-2024:9474 Important: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

Linux Distros Unpatched Vulnerability : CVE-2023-46234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on...

Signature Forgery Attack

org.apache.hive, hive-llap-common is vulnerable to signature forgery attack. The vulnerability is due to the use of Arrays.equals for signature validation, which allows an attacker to forge a valid signature byte by byte due to its non-constant-time comparison...

CVE-2020-28398

The vulnerability CVE-2020-28398 affects Siemens RUGGEDCOM ROX devices (MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) with all versions prior to V2.16.0. The CLI feature in the web interface is susceptible to cross-site request forgery (CSRF). An attack...