Lucene search
+L

34 matches found

cvelist
cvelist
added yesterday17 views

CVE-2026-61452 Grav before 2.0.4 Improper Session Invalidation JWT Access Tokens

The Grav API plugin getgrav/grav-plugin-api before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti JWT ID claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime...

6.9CVSS
Exploits0References2
nvd
nvd
added 2026/07/08 3:16 p.m.8 views

CVE-2026-10708

This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the...

7.5CVSS0.00158EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/03 4:30 a.m.10 views

CVE-2026-13040

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References15
nvd
nvd
added 2026/06/30 10:16 p.m.8 views

CVE-2026-58449

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS0.00725EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/30 9:6 p.m.5 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References4
osv
osv
added 2026/06/08 10:59 p.m.17 views

GHSA-CMM3-54F8-PX4J Netty's Default QUIC token handler accepts any client-supplied token

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

7.5CVSS5.4AI score0.00143EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.11 views

PT-2026-47566

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

7.5CVSS5.4AI score
Exploits0References4
osv
osv
added 2026/05/20 3:46 p.m.7 views

GHSA-W9XH-5F39-VQ89 phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration

Summary An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin accounts. By sending a PUT request with just a valid username and associated email address to /api/user/password/update, an attacker...

8.2CVSS5.8AI score0.00324EPSS
Exploits0References2
cve
cve
added 2026/05/12 10:23 p.m.22 views

CVE-2026-42289

CVE-2026-42289 — ChurchCRM CSRF to Admin Privilege Escalation . Prior to version 7.3.2, UserEditor.php processes user creation and permission updates entirely via $_POST without CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an authenticat...

8.8CVSS5.8AI score0.00128EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/11 8:34 p.m.33 views

CVE-2026-43877 WWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary Bytes

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not...

5.4CVSS0.00121EPSS
Exploits0References2
snyk
snyk
added 2026/04/22 5:6 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET routes that change state. An attacker can cause authenticated users to unintentionally delete files or create directories by tricking them into visiting a crafted URL, as there is no validatio...

8.1CVSS5.8AI score0.00143EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40581

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint SelectDelete.php performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a...

8.1CVSS5.7AI score0.00199EPSS
Exploits0References1
nvd
nvd
added 2026/04/17 2:16 p.m.8 views

CVE-2026-40458

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS0.00165EPSS
Exploits0References2
nvd
nvd
added 2026/04/07 5:16 p.m.4 views

CVE-2026-39308

PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious...

7.1CVSS0.00334EPSS
Exploits1References1
cve
cve
added 2026/02/20 11:10 p.m.18 views

CVE-2026-27146

GetSimple CMS is affected by a CSRF on the administrative file upload endpoint across all versions due to missing CSRF protection. An attacker can craft a malicious page that silently triggers a file upload from an authenticated admin user’s browser without a token or origin validation, enabling ...

7.1CVSS5.9AI score0.00174EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/02/05 9:13 p.m.5 views

GHSA-P6PV-Q7RC-G4H9 Unauthenticated Spree Commerce users can view completed guest orders by Order ID

Unauthenticated users can view completed guest orders by Order ID GHSL-2026-029 The OrdersControllershow action permits viewing completed guest orders by order number alone, without requiring the associated order token. Order lookup without enforcing token requirement in OrdersControllershow: rub...

8.7CVSS5.5AI score0.00441EPSS
Exploits1References11
nvd
nvd
added 2025/12/05 5:16 p.m.12 views

CVE-2025-66546

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS0.0012EPSS
Exploits0References4
cve
cve
added 2025/10/09 1:48 a.m.25 views

CVE-2025-11166

WP Go Maps (formerly WP Google Maps) for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) across all versions up to 9.0.46. The root cause is an AJAX bridge that exposes state-changing REST actions without proper CSRF token validation and GET-accessible destructive logic lacking a per...

5.4CVSS5.5AI score0.00179EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54901

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00481EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54890

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00397EPSS
Exploits0References1
Rows per page
Query Builder