29552 matches found
CVE-2026-25221
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the...
CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the...
CVE-2026-25221
PolarLearn (0-PRERELEASE-15 and earlier) has a CSRF vulnerability in its OAuth 2.0 login flow for GitHub and Google, caused by failing to implement/verify the state parameter. This allows an attacker to pre-authenticate a session and trick a victim into logging into the attacker’s account, with v...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ExploitAtlas A full-stack Rust application for CVE intelligen...
GO-2026-4352 OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format in github.com/opentofu/opentofu
OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format in github.com/opentofu/opentofu...
GO-2026-4348 Client DoS via malformed server response in github.com/theupdateframework/go-tuf
Client DoS via malformed server response in github.com/theupdateframework/go-tuf...
CVE-2026-25522
creationtimestamp | type | source
---|---|---
2026-02-02 20:59:20+00:00 | published-proof-of-concept | https://github.com/craftcms/commerce/security/advisories/GHSA-h9r9-2pxg-cx9m...
GHSA-X24C-W26V-W8JG vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-25-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9...
GHSA-7W66-J2R2-VM3P vulnerabilities
Vulnerabilities for packages: kubernetes...
GHSA-88V2-P2R7-RVPX vulnerabilities
Vulnerabilities for packages: samba...
GHSA-R9CF-94MR-8V6Q vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-aws, linux-vmware...
GHSA-45VC-784V-VP78 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-aws, linux-vmware...
GHSA-HWMM-P4J4-8398 vulnerabilities
Vulnerabilities for packages: freeipa...
spec-driven-workflow-poc
Steps for AI setup 1. Create .github folder in the root of th...
PT-2026-5729
Name of the Vulnerable Software and Affected Versions: PolarLearn versions 0-PRERELEASE-15 and earlier. Description: The OAuth 2.0 implementation for GitHub and Google login providers is susceptible to Login Cross-Site Request Forgery (CSRF). The application does not implement and verify the state...
data-cve-poc-py-v1
data-cve-poc This repository collects all CVE vulnerability...
golang-github-prometheus-prometheus-3.9.1-2.1 on GA media (moderate)
golang-github-prometheus-prometheus-3.9.1-2.1 on GA media. Announcement ID: openSUSE-SU-2026:10124-1. Rating: moderate. Cross-References: CVE-2025-13465. CVSS scores: CVE-2025-13465 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H; CVE-2025-13465 (SUSE): 8.8...
GHSA-XVQR-69V8-F3GV vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-snapshotter-fips, cloudbeat, scorecard, kubevela-fips, blobfuse2-fips, policy-controller, prometheus-pushgateway-fips, prometheus-pgbouncer-exporter, spicedb-operator-fips, src-fingerprint, vendir-fips, k8s-metacollector, opentofu-fips,...