Lucene search
K

371 matches found

Github Security Blog
Github Security Blog
added 2026/03/20 9:47 p.m.11 views

AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload

Summary The objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting session.cookiesamesite = 'None' for HTTPS connections, an unauthenticated...

8.8CVSS6.2AI score0.00367EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 9:47 p.m.7 views

GHSA-HV36-P4W4-6VMJ AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload

Summary The objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting session.cookiesamesite = 'None' for HTTPS connections, an unauthenticated...

8.8CVSS6.2AI score0.00367EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/20 8:44 p.m.8 views

AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

8.8CVSS6.7AI score0.00531EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 8:44 p.m.5 views

GHSA-XGGW-G9PM-9QHH AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

8.8CVSS6.7AI score0.00531EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26790

Summary The objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting session.cookie samesite = 'None' for HTTPS connections, an unauthenticated...

8.8CVSS6.2AI score0.00367EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.15 views

PT-2026-26766

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $ REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

8.8CVSS6.7AI score0.00531EPSS
Exploits1References7
CVE
CVE
added 2026/03/17 11:59 p.m.35 views

CVE-2026-27978

Next.js (React framework) vulnerability CVE-2026-27978: in versions 16.0.1 up to 16.1.7, origin: null was treated as missing during Server Action CSRF validation, allowing requests from opaque contexts (e.g., sandboxed iframes) to bypass origin verification and potentially trigger state-changing ...

5.3CVSS5.8AI score0.002EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/17 3:30 p.m.11 views

Next.js: null origin can bypass Server Actions CSRF checks

Summary origin: null was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts such as sandboxed iframes could bypass origin verification instead of being validated as cross-origin requests. Impact An attacker could induce a victim browser ...

5.3CVSS5.8AI score0.002EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/03/17 3:30 p.m.6 views

Cross-site Request Forgery (CSRF)

Overview next is a react framework. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the uncaught origin: null in the Server Action CSRF validation. An attacker can perform unauthorized state-changing actions on behalf of a user by inducing the user's...

5.3CVSS5.8AI score0.002EPSS
Exploits1References2
OSV
OSV
added 2026/03/17 3:30 p.m.9 views

GHSA-MQ59-M269-XVCX Next.js: null origin can bypass Server Actions CSRF checks

Summary origin: null was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts such as sandboxed iframes could bypass origin verification instead of being validated as cross-origin requests. Impact An attacker could induce a victim browser ...

5.3CVSS5.9AI score0.002EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/12 2:22 p.m.6 views

EUVD-2026-11379

Copyparty has unexpected JavaScript execution via crafted URL to folder with .prologue.html...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 9:16 p.m.9 views

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

4.4CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 8:16 p.m.4 views

CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 8:16 p.m.32 views

CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS0.00162EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/03/09 1:57 p.m.17 views

Nextcloud: Stored XSS in attachment-display exploitable through SameSite

A stored XSS vulnerability was discovered in the attachment-display feature of Roundcube. By uploading an HTML file and opening it through the display-attachment endpoint, the embedded script could execute under the Roundcube origin. The issue was caused by the lack of a restrictive Content...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/02/26 9:30 a.m.10 views

EUVD-2026-8841

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

5.3CVSS5.3AI score0.00117EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/26 7:57 a.m.5 views

CVE-2026-1697 Use of unsecure cookies for GraphicalData web service and WebClient web app

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

5.3CVSS5.3AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/02/11 9:11 p.m.7 views

CVE-2026-26019 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site...

4.1CVSS5.5AI score0.00371EPSS
Exploits0References6
OSV
OSV
added 2026/02/03 7:16 p.m.2 views

CVE-2025-52628

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...

8.8CVSS5.6AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:6 p.m.11 views

EUVD-2025-206688

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...

4.6CVSS5.1AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder