27 matches found

Cvelist | added yesterday | 19 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1 | Exploits 0 | References 1

Cvelist | added 2026/04/22 7:45 a.m. | 21 views

CVE-2026-6294 Google PageRank Display <= 1.4 - Cross-Site Request Forgery to Settings Update via Settings Page

The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplayoption function, which handles the plugin settings page. The settings form does not include a wp_nonce_field, and...

CVSS 4.3 | EPSS 0.0001 | Exploits 0 | References 5

Positive Technologies | added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34286

Name of the Vulnerable Software and Affected Versions: Call To Action Plugin versions prior to 3.1.4. Description: The plugin is susceptible to Cross-Site Request Forgery due to missing nonce validation in the cbox options page function, which manages the saving, creation, and deletion of plugin...

CVSS 4.3 | AI score 5.7 | EPSS 0.0001 | Exploits 0 | References 12

RedhatCVE | added 2025/05/21 10:40 p.m. | 7 views

CVE-2002-2109

Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginni...

CVSS 7.5 | AI score 7.1 | EPSS 0.00521 | Exploits 1 | References 1

SUSE CVE | added 2025/05/21 12:45 a.m. | 1 views

SUSE CVE-2025-46721

nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user's behal...

CVSS 6.1 | AI score 6.7 | EPSS 0.00044 | Exploits 2 | References 3

SUSE CVE | added 2025/04/16 2:36 a.m. | 2 views

SUSE CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes...

CVSS 5.3 | AI score 6.2 | EPSS 0.00063 | Exploits 0 | References 4

RedhatCVE | added 2025/02/05 1:16 p.m. | 6 views

CVE-2020-8417

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu...

CVSS 8.8 | AI score 7 | EPSS 0.50314 | Exploits 2 | References 1

NVD | added 2020/01/28 9:15 p.m. | 9 views

CVE-2020-8417

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu...

CVSS 8.8 | AI score 8.9 | EPSS 0.50314 | Exploits 2 | References 2

Cvelist | added 2020/01/28 8:19 p.m. | 16 views

CVE-2020-8417

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu...

CVSS 8.8 | AI score 8.9 | EPSS 0.50314 | Exploits 2 | References 2

OSV | added 2017/01/18 9:59 p.m. | 6 views

DEBIAN-CVE-2016-6897

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer...

CVSS 6.5 | AI score 6.7 | EPSS 0.30259 | Exploits 5 | References 1

CNVD | added 2015/12/16 12:0 a.m. | 1 views

ClipperCMS 'Referer Check' Cross-Site Request Forgery Vulnerability

ClipperCMS is a content management system (CMS). A cross-site request forgery vulnerability exists in ClipperCMS. A remote attacker could exploit this vulnerability to perform unauthorized actions and gain access to the affected application...

AI score 7 | Exploits 0 | References 1

Packet Storm | added 2015/11/16 12:0 a.m. | 20 views

ClipperCMS 1.3.0 Cross Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.clippercms.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 11/13/2015 Relea...

AI score 0.7 | Exploits 0

securityvulns | added 2013/03/11 12:0 a.m. | 276 views

SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1)

SEC Consult Vulnerability Lab Security Advisory 20130308-0 ======================================================================= title: Multiple critical vulnerabilities part 1 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...

AI score 0.5 | Exploits 0

0day.today | added 2013/03/09 12:0 a.m. | 40 views

GroundWork Monitor Enterprise 6.7.0 XSS / Disclosure / Command Execution

GroundWork Monitor Enterprise version 6.7.0 suffers from insufficient authentication, file disclosure, file modification, cross site scripting, XML external entity injection, command injection, and various other vulnerabilities. Detailed proof of concepts were removed by the author because...

AI score 7.1 | Exploits 0

NVD | added 2011/06/21 2:52 a.m. | 13 views

CVE-2011-1482

Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a...

CVSS 6.8 | AI score 7.3 | EPSS 0.00132 | Exploits 1 | References 3

Prion | added 2011/06/21 2:52 a.m. | 12 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a...

CVSS 6.8 | AI score 7.9 | EPSS 0.00132 | Exploits 1 | References 3 | Affected Software 1

securityvulns | added 2011/03/23 12:0 a.m. | 37 views

PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability

PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery (CSRF) because its Anti-CSRF mechanism Referer Check is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...

AI score 0.3 | Exploits 0

Prion | added 2010/03/03 7:30 p.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...

CVSS 4.3 | AI score 5.8 | EPSS 0.00289 | Exploits 0 | References 3 | Affected Software 1

NVD | added 2010/03/03 7:30 p.m. | 11 views

CVE-2010-0921

Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...

CVSS 6.8 | AI score 6.9 | EPSS 0.00134 | Exploits 0 | References 4

NVD | added 2010/03/03 7:30 p.m. | 12 views

CVE-2010-0920

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...

CVSS 4.3 | AI score 5.5 | EPSS 0.00289 | Exploits 0 | References 3