
4 matches found

CVE
added 2026/05/08 7:35 p.m. · 13 views

CVE-2026-42190

RedwoodSDK (rwsdk) server actions from version 1.0.0-beta.50 up to, but not including, 1.2.3, did not validate the Origin header, enabling same-site CSRF with the victim’s session cookie. The issue is fixed in version 1.2.3. Affected component: server actions (serverAction, RSC protocol); impact:...

CVSS 5.3 · AI score 5.8 · EPSS 0.00111
Exploits: 0 · References: 2 · Affected Software: 1
NCSC
added 2021/12/17 12:00 a.m. · 4 views

Vulnerability fixed in VMware Workspace ONE UEM

VMware has fixed a vulnerability in Workspace ONE UEM. An unauthenticated malicious person could exploit this vulnerability to perform a same-site request forgery SSRF attack and thereby gain access to sensitive data. Successful exploitation requires network access to the Workspace ONE UEM...

CVSS 7.5 · AI score 6.8 · EPSS 0.97713
Exploits: 1
NCSC
added 2021/07/12 12:00 a.m. · 4 views

Vulnerabilities fixed in Esri ArcGIS Server

Esri has fixed vulnerabilities in ArcGIS Server. A malicious party could exploit the vulnerabilities to perform a Same-Site Request Forgery (SSRF) or Cross-Site Scripting (XSS) attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application visite...

AI score 7.3
Exploits: 0
Positive Technologies
added 2020/05/13 12:00 a.m. · 2 views

PT-2020-12529 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.16; TYPO3 CMS versions 10.0.0 through 10.4.1. Description: A same-site request forgery vulnerability has been discovered in the backend user interface and install tool of TYPO3 CMS. This vulnerability can be...

CVSS 8.8 · AI score 8.2 · EPSS 0.00699
Exploits: 0 · References: 20