Lucene search
+L

26 matches found

euvd
euvd
added yesterday5 views

EUVD-2026-44919

HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow a remote attacker to execute Cross-Site Request Forgery CSRF attacks if additional mitigations,...

3CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday7 views

CVE-2026-35143

CVE-2026-35143 affects HCL DFXAnalytics. The issue is that session cookies generated during authentication do not set the SameSite attribute, enabling potential CSRF exposure if additional mitigations (e.g., Anti-CSRF tokens) are not in place. The available data specify a low overall severity (CV...

3CVSS6.2AI score
Exploits0References1
euvd
euvd
added 2026/05/06 7:42 p.m.9 views

EUVD-2026-28156

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References1
nvd
nvd
added 2026/04/30 4:16 p.m.17 views

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

8.8CVSS0.00173EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

8.8CVSS5.4AI score0.00173EPSS
Exploits0References3
cve
cve
added 2026/03/17 9:42 p.m.16 views

CVE-2026-32839

Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/02/03 7:13 p.m.6 views

CVE-2026-24434

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

5.1CVSS5.5AI score0.00146EPSS
Exploits0References3
nvd
nvd
added 2025/11/07 7:16 p.m.6 views

CVE-2025-63717

The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...

6.5CVSS0.00144EPSS
Exploits1References2
nvd
nvd
added 2025/11/07 6:15 p.m.5 views

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

6.5CVSS0.00145EPSS
Exploits1References2
osv
osv
added 2025/11/07 6:15 p.m.4 views

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

6.5CVSS5.8AI score0.00145EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/11/07 12:0 a.m.3 views

CVE-2025-63717

The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...

6.5AI score0.00144EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/11/07 12:0 a.m.5 views

PT-2025-45479

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description The application lacks sufficient anti-CSRF protections, such as anti-CSRF tokens or same-site cookie restrictions. This allows attackers to potentially trick authenticated...

6.7AI score0.00144EPSS
Exploits1References6
cvelist
cvelist
added 2025/11/07 12:0 a.m.13 views

CVE-2025-63717

The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...

0.00144EPSS
Exploits1References2
cvelist
cvelist
added 2025/11/07 12:0 a.m.14 views

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

0.00145EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/11/07 12:0 a.m.3 views

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

6.5AI score0.00145EPSS
Exploits1References2
euvd
euvd
added 2025/10/29 5:49 p.m.7 views

EUVD-2025-36690

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...

8.6CVSS6.3AI score0.00182EPSS
Exploits0References2
githubexploit
githubexploit
added 2024/09/16 2:5 p.m.98 views

Exploit for CVE-2024-55271

Gym Management System CVE-2024-55271 A GYM management sys...

3.5CVSS5.9AI score0.00129EPSS
Exploits2
ptsecurity
ptsecurity
added 2024/02/28 12:0 a.m.10 views

PT-2024-14181 · Unknown · Ai Power: Complete Ai Pack

Name of the Vulnerable Software and Affected Versions: AI Power: Complete AI Pack – Powered by GPT-4 versions 1.8.12 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

8.8CVSS5.5AI score0.00241EPSS
Exploits0References6
ics
ics
added 2023/06/15 6:0 a.m.35 views

SUBNET PowerSYSTEM Center

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: SUBNET Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Cross-site Scripting, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.1CVSS7.3AI score0.00582EPSS
Exploits0References10
cnnvd
cnnvd
added 2022/09/13 12:0 a.m.8 views

Unisys Data Exchange Management Studio 跨站请求伪造漏洞

Unisys Data Exchange Management Studio is an application from the American company Unisys. A data exchange component. A security vulnerability exists in Unisys Data Exchange Management Studio versions prior to 6.0.IC2 and 7.x versions prior to 7.0.IC1, which stems from the absence of Anti-CSRF...

8.8CVSS7.7AI score0.0031EPSS
Exploits0References3
Rows per page
Query Builder