CVE-2026-7507

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...

PT-2026-38309

Name of the Vulnerable Software and Affected Versions MISP modules versions 3.0.7 and earlier Description A Cross-Site Request Forgery CSRF issue in the MISP Modules website allows an attacker to trick an authenticated user into submitting unintended requests to the "/home" endpoint. This occurs...

CVE-2026-39848

Dockyard CVE-2026-39848 affects the Dockyard Docker container management app prior to version 1.1.0. The issue arises because start/stop operations for containers are triggered via GET requests to /apps/action.php?action=stop&name= or /apps/action.php?action=start&name= without CSRF protection, e...

EUVD-2022-7145

Malicious code in bioql PyPI...

WordPress plugin Directorist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2022-1574

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files such as PHP on the remote server...

PT-2021-16131 · WordPress · Wechat Reward Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Wechat Reward WordPress plugin versions 1.7 and earlier Description: The issue allows attackers to make a logged-in admin change the settings and perform Cross-Site Scripting attacks due to the lack of sanitization or escaping of its QR...

CVE-2019-13516

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect...

web-console: XSS in OAuth server /oauth/token/request endpoint

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...

Cross site scripting

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to...

Allfresco Community Edition: source code security analysis report

Several vulnerabilities were discovered in Alfresco Software 'Allfresco Community Edition' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Использование метода finalize Отсутствие верификации цифровой подписи исполняемых...

Ubuntu Update for tomcat7 USN-1685-1

Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gbubuntuUSN16851.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...