
7 matches found

NVD
added 2026/02/02 11:16 p.m. · 2 views

CVE-2026-25221

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for the GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the...

CVSS 8.1 · EPSS 0.00016 · Exploits 1 · References 2
Cvelist
added 2026/02/02 10:59 p.m. · 23 views

CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for the GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the...

CVSS 2.3 · EPSS 0.00016 · Exploits 1 · References 2
NVD
added 2025/12/05 11:15 p.m. · 2 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

CVSS 4.3 · EPSS 0.00015 · Exploits 0 · References 2
Positive Technologies
added 2023/04/04 12:00 a.m. · 2 views

PT-2023-21171 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0, 1.25.3, 1.24.4, 1.23.6 and 1.22.9. Description: The OAuth filter in Envoy assumes that a state query param is present on a...

CVSS 7.5 · AI score 6.8 · EPSS 0.0003 · Exploits 1 · References 12
OSV
added 2022/11/14 7:00 p.m. · 14 views

GHSA-W8FP-3GWQ-GXPW Concrete CMS vulnerable to Cross-site Request Forgery

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth...

CVSS 8.8 · AI score 8.8 · EPSS 0.00241 · Exploits 0 · References 7
Positive Technologies
added 2022/11/14 12:00 a.m. · 1 view

PT-2022-27009 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS affected versions not specified Description: The issue is related to a lack of the State parameter for the external Concrete authentication service, specifically affecting users who utilize the "out of the box" core OAuth. This...

CVSS 8.8 · AI score 7.1 · EPSS 0.00241 · Exploits 0 · References 13
CNVD
added 2018/03/08 12:00 a.m. · 3 views

Auth0 auth0.js library cross-site request forgery vulnerability

Auth0 auth0.js is a client-side library for the Auth0 development platform, produced by the US company Auth0. A cross-site request forgery vulnerability exists in versions of the auth0.js library prior to 9.3, which stems from the program failing to properly handle the absence of the 'state'...

CVSS 8.8 · AI score 7 · EPSS 0.00203 · Exploits 0 · References 1