20 matches found
EUVD-2025-14655
Malicious code in bioql PyPI...
SUSE CVE-2025-46721
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise), to bypass CSRF checks and issue requests on user's behal...
Cross-Site Request Forgery (CSRF)
github.com/justinas/nosurf is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to misuse of the Go net/http library, which causes nosurf to treat all incoming requests as plain-text HTTP. As a result, it fails to verify that the Referer header is from the same origin,...
CVE-2025-46721
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise), to bypass CSRF checks and issue requests on user's behal...
GHSA-W9HF-35Q4-VCJW nosurf vulnerable to CSRF due to non-functional same-origin request checks
Impact: This vulnerability allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise), to bypass Cross-Site Request Forgery checks and issue requests on user's behalf. Details: Due to misuse of the Go net/http library, nosurf...
nosurf vulnerable to CSRF due to non-functional same-origin request checks
Impact: This vulnerability allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise), to bypass Cross-Site Request Forgery checks and issue requests on user's behalf. Details: Due to misuse of the Go net/http library, nosurf...
CVE-2025-46721
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise), to bypass CSRF checks and issue requests on user's behal...
Cross-site Request Forgery (CSRF)
Overview: github.com/justinas/nosurf is an HTTP package for Go that helps you prevent Cross-Site Request Forgery attacks. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the misuse of the net/http library. An attacker can bypass CSRF checks and issue...
CVE-2025-46721 nosurf vulnerable to CSRF due to non-functional same-origin request checks
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise), to bypass CSRF checks and issue requests on user's behal...
CVE-2025-46721 nosurf vulnerable to CSRF due to non-functional same-origin request checks
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise), to bypass CSRF checks and issue requests on user's behal...
CVE-2025-46721 nosurf vulnerable to CSRF due to non-functional same-origin request checks
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise), to bypass CSRF checks and issue requests on user's behal...
CVE-2025-46721
A CSRF vulnerability in nosurf (Go) before v1.2.0 arises from misusing Go’s net/http, causing all incoming requests to be treated as plain-text and bypassing the Referer-origin check. An attacker controlling content on the target or a subdomain can forge cross-origin requests and potentially mani...
nosurf security vulnerability
nosurf is an HTTP package for Go by Justinas Stankevičius, a personal developer. It helps you prevent cross-site request forgery attacks. A security vulnerability exists in nosurf versions prior to 1.2.0, which stems from a CSRF check bypass that could lead to cross-site request forgery...
Exploit for Cross-Site Request Forgery (CSRF) in Nosurf_Project Nosurf
CVE-2025-46721: CSRF...
PT-2025-20924 · Nosurf · Nosurf
Name of the Vulnerable Software and Affected Versions: nosurf versions prior to 1.2.0 Description: A vulnerability in nosurf allows an attacker who controls content on the target site, or on a subdomain of the target site, to bypass CSRF checks and issue requests on a user's behalf. This is due t...
GHSA-5X84-Q523-VVWR nosurf vulnerable to improper input validation
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid...
nosurf vulnerable to improper input validation
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid...
CVE-2020-36564 Improper input validation in github.com/justinas/nosurf
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid...
CVE-2020-36564 Improper input validation in github.com/justinas/nosurf
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid...
nosurf input validation error vulnerability
nosurf is an HTTP package for Go by Justinas Stankevičius, a personal developer. It helps you prevent cross-site request forgery attacks. A security vulnerability exists in nosurf that stems from incorrect validation of user input...