
92 matches found

NVD
added 2026/04/08 7:25 p.m., 2 views

CVE-2026-34721

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

CVSS 6.5, EPSS 0.00019
Exploits 0, References 1
CVE
added 2026/04/08 6:12 p.m., 1 view

CVE-2026-34721

Zammad (web-based helpdesk) has a CSRF vulnerability in the OAuth callback endpoints for external credentials (Microsoft, Google, Facebook). Prior to versions 7.0.1 and 6.5.4, these endpoints do not validate the CSRF state parameter, enabling potential CSRF-like behavior in the OAuth flow. The is...

CVSS 6.5, AI score 5.9, EPSS 0.00019
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/04/08 12:00 a.m., 2 views

PT-2026-31418

Name of the Vulnerable Software and Affected Versions: Zammad versions prior to 7.0.1 and prior to 6.5.4. Description: The OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This could allow an attacker to potentially compromise...

CVSS 5.9, AI score 5.9, EPSS 0.00019
Exploits 0, References 4
RedhatCVE
added 2026/02/04 3:15 a.m., 1 view

CVE-2026-25221

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...

CVSS 8.1, AI score 5.5, EPSS 0.00016
Exploits 1, References 1
NVD
added 2026/02/02 11:16 p.m., 2 views

CVE-2026-25221

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...

CVSS 8.1, EPSS 0.00016
Exploits 1, References 2
OSV
added 2026/02/02 10:59 p.m., 2 views

CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...

CVSS 2.3, AI score 5.5, EPSS 0.00016
Exploits 1, References 4
Vulnrichment
added 2026/02/02 10:59 p.m., 2 views

CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...

CVSS 2.3, AI score 5.5, EPSS 0.00016
Exploits 1, References 2
CVE
added 2026/02/02 10:59 p.m., 10 views

CVE-2026-25221

PolarLearn (0-PRERELEASE-15 and earlier) has a CSRF vulnerability in its OAuth 2.0 login flow for GitHub and Google, caused by failing to implement/verify the state parameter. This allows an attacker to pre-authenticate a session and trick a victim into logging into the attacker’s account, with v...

CVSS 8.1, AI score 5.5, EPSS 0.00016
Exploits 1, References 2, Affected Software 1
Cvelist
added 2026/02/02 10:59 p.m., 23 views

CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery CSRF. The application fails to implement and verify the state parameter during the...

CVSS 2.3, EPSS 0.00016
Exploits 1, References 2
Positive Technologies
added 2026/02/02 12:00 a.m., 3 views

PT-2026-5729

Name of the Vulnerable Software and Affected Versions: PolarLearn versions 0-PRERELEASE-15 and earlier. Description: The OAuth 2.0 implementation for GitHub and Google login providers is susceptible to Login Cross-Site Request Forgery CSRF. The application does not implement and verify the state...

CVSS 8.1, AI score 6, EPSS 0.00016
Exploits 1, References 8
HackRead
added 2026/01/12 10:14 p.m., 5 views

Russian BlueDelta (Fancy Bear) Uses PDFs to Steal Logins in Just 2 Seconds

New research from Recorded Future reveals how Russian state hackers BlueDelta are using fake Microsoft and Google login portals to steal credentials. The campaign involves using legitimate PDF lures from GRC and EcoClimate to trick victims...

AI score 7
Exploits 0
RedhatCVE
added 2025/12/06 10:52 p.m., 6 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

CVSS 4.3, AI score 6.8, EPSS 0.00015
Exploits 0, References 1
CNVD
added 2025/10/17 12:00 a.m., 2 views

WordPress Felan Framework Improper Authentication Vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. WordPress plugin is an application plugin. A vulnerability exists in the WordPress Felan Framework, which is caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...

CVSS 9.8, AI score 6.8, EPSS 0.00235
Exploits 0, References 1
EUVD
added 2025/10/16 6:47 a.m., 2 views

EUVD-2025-34721

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...

CVSS 9.8, AI score 5.9, EPSS 0.00235
Exploits 0, References 3
Vulnrichment
added 2025/10/16 6:47 a.m., 3 views

CVE-2025-10850 Felan Framework <= 1.1.4 - Hardcoded Credentials

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fbajaxloginorregister' function and in the 'googleajaxloginorregister' function. This makes it possible for unauthenticated...

CVSS 9.8, AI score 5.7, EPSS 0.00235
Exploits 0, References 2
CNNVD
added 2025/10/16 12:00 a.m., 1 view

WordPress plugin Felan Framework Trust Management Issue Vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. WordPress plugin is an application plugin. A vulnerability exists in the WordPress Felan Framework, which is caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...

CVSS 9.8, AI score 6.7, EPSS 0.00235
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-7743

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00756
Exploits 0, References 4
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-2500

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.00122
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2021-30682

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.4, EPSS 0.00102
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-4253

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.0003
Exploits 0, References 6