
21 matches found

Cvelist
added 2026/05/22 8:13 p.m., 5 views

CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4, EPSS 0.00006
Exploits 0, References 2
RedhatCVE
added 2026/05/12 2:21 p.m., 6 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker who can...

CVSS 8.1, AI score 6, EPSS 0.00016
Exploits 1, References 1
Cvelist
added 2026/05/11 12:00 a.m., 26 views

CVE-2026-38569

HireFlow v1.2 is vulnerable to Cross-Site Scripting (XSS) in candidatedetail.html via the Resume or Feedback Comment fields, submitted via POST /candidates/add or POST /feedback/add...

EPSS 0.00029
Exploits 1, References 3
Cvelist
added 2026/05/11 12:00 a.m., 27 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker who can...

EPSS 0.00016
Exploits 1, References 3
ATTACKERKB
added 2026/05/11 12:00 a.m., 4 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker who can...

AI score 6, EPSS 0.00016
Exploits 1, References 4
Positive Technologies
added 2026/05/11 12:00 a.m., 5 views

PT-2026-39654

Name of the Vulnerable Software and Affected Versions: HireFlow version 1.2. Description: The software fails to implement Cross-Site Request Forgery (CSRF) token validation on state-changing POST endpoints. This allows an attacker to trick an authenticated user into visiting a malicious page to perfor...

CVSS 8.1, AI score 5.9, EPSS 0.00016
Exploits 1, References 7
Positive Technologies
added 2026/05/11 12:00 a.m., 7 views

PT-2026-39657

HireFlow v1.2 is vulnerable to Cross-Site Scripting (XSS) in candidate detail.html via the Resume or Feedback Comment fields, submitted via POST /candidates/add or POST /feedback/add...

CVSS 5.4, AI score 5.8, EPSS 0.00029
Exploits 1, References 4
ATTACKERKB
added 2026/05/11 12:00 a.m., 3 views

CVE-2026-38569

HireFlow v1.2 is vulnerable to Cross-Site Scripting (XSS) in candidatedetail.html via the Resume or Feedback Comment fields, submitted via POST /candidates/add or POST /feedback/add...

AI score 5.8, EPSS 0.00029
Exploits 1, References 4
CNNVD
added 2026/02/27 12:00 a.m., 3 views

Docker Model Runner security vulnerability

Docker Model Runner is an open-source Docker model runner developed by Docker. Versions of Docker Model Runner prior to 1.0.16 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated POST endpoints that allowed arbitrary runtime flags to be accepted. This could enable...

CVSS 7.5, AI score 7.3, EPSS 0.00012
Exploits 0, References 3
EUVD
added 2026/01/17 7:27 a.m., 3 views

EUVD-2026-3147

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp-posts/v1/query REST API endpoints due to insufficient restrictions on which posts can be include...

CVSS 5.3, AI score 5.7, EPSS 0.00069
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-4706

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00196
Exploits 0, References 4
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-33573

Malicious code in bioql PyPI...

CVSS 9.3, AI score 9.3, EPSS 0.00221
Exploits 1, References 1
RedhatCVE
added 2025/05/22 8:07 a.m., 5 views

CVE-2019-13183

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings...

CVSS 8.8, AI score 7, EPSS 0.00196
Exploits 0, References 1
SUSE CVE
added 2025/04/04 3:00 a.m., 2 views

SUSE CVE-2025-2945

Remote Code Execution security vulnerability in the pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with two POST endpoints: /sqleditor/querytool/download, where the querycommited parameter, and /cloud/deploy, where the highavailability parameter, is unsafe...

CVSS 9.9, AI score 9.4, EPSS 0.8249
Exploits 7, References 4
CVE
added 2025/03/20 10:10 a.m., 44 views

CVE-2024-11040

CVE-2024-11040 entry is rejected and not used; duplicate of CVE-2024-8939.

AI score 7.5
Exploits 0
CNNVD
added 2023/02/15 12:00 a.m., 1 view

Jenkins Plugin Synopsys Coverity cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 3.5, AI score 5, EPSS 0.00059
Exploits 0, References 4
Prion
added 2022/08/12 3:15 p.m., 19 views

Cross-site request forgery (CSRF)

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to ...

CVSS 3.5, AI score 5.5, EPSS 0.00449
Exploits 0, References 2, Affected Software 1
CNNVD
added 2022/08/12 12:00 a.m., 1 view

Zimbra Collaboration Suite cross-site request forgery vulnerability

Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site request forgery vulnerability exists in Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0, which stems from a cross-site request...

CVSS 5.7, AI score 5.8, EPSS 0.00449
Exploits 0, References 3
OSV
added 2019/07/07 3:15 p.m., 0 views

CVE-2019-13183

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings...

CVSS 8.8, AI score 7.4
Exploits 0, References 3
ATTACKERKB
added 2019/07/07 3:15 p.m., 1 view

CVE-2019-13183

Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings...

CVSS 8.8, AI score 5.5, EPSS 0.00196
Exploits 0, References 4