Lucene search
K

365 matches found

CVE
CVE
added 2026/05/26 9:58 p.m.24 views

CVE-2026-44985

The CVE-2026-44985 vulnerability affects Dozzle prior to version 10.5.2 where the WebSocket upgrader for /exec and /attach uses CheckOrigin: true, allowing cross-origin upgrade requests. When combined with a SameSite: Lax JWT cookie, this enables Cross-Site WebSocket Hijacking (CSWSH) from a same...

9.6CVSS5.8AI score0.00195EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/26 11:20 a.m.14 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS6.9AI score0.00237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42676

Name of the Vulnerable Software and Affected Versions NocoDB affected versions not specified Description The refresh-token cookie is configured with httpOnly: true but lacks the secure flag and the sameSite attribute. The absence of the secure flag allows the cookie to be intercepted over plain...

5.4CVSS5.5AI score0.00099EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.11 views

PT-2026-43462

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description A cross-site request forgery CSRF issue exists in the 2FA toggle functionality. The endpoint "plugin/LoginControl/set.json.php" accepts POST requests with the parameters type=set2FA and value=false ...

5.7CVSS5.8AI score0.0011EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.11 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

8.1CVSS6AI score0.00168EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 8:34 p.m.13 views

CVE-2026-43877

CVE-2026-43877 (WWBN/AVideo) : CSRF in objects/userSavePhoto.php allows a logged‑in user’s profile photo to be overwritten with arbitrary bytes via a crafted cross‑origin POST, due to missing CSRF protection (the endpoint does not use the .json.php suffix and is excluded from autoCSRFGuard), no t...

5.4CVSS5.9AI score0.00121EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.11 views

EUVD-2026-29114

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

6AI score0.00168EPSS
Exploits1References4
NVD
NVD
added 2026/05/11 6:16 p.m.14 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

8.1CVSS0.00168EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39679

Name of the Vulnerable Software and Affected Versions Dozzle versions prior to 10.5.2 Description The WebSocket upgrader for the '/exec' and '/attach' endpoints accepts upgrade requests from any origin because it uses a custom CheckOrigin function that always returns true. When combined with the...

9.6CVSS5.8AI score0.00195EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2026/05/08 7:35 p.m.7 views

CVE-2026-42190 RedwoodSDK: Same-site CSRF in in server actions

RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the...

5.3CVSS5.7AI score0.00111EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 7:35 p.m.38 views

CVE-2026-42190 RedwoodSDK: Same-site CSRF in in server actions

RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the...

5.3CVSS0.00111EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 7:35 p.m.18 views

CVE-2026-42190

RedwoodSDK (rwsdk) server actions from version 1.0.0-beta.50 up to, but not including, 1.2.3, did not validate the Origin header, enabling same-site CSRF with the victim’s session cookie. The issue is fixed in version 1.2.3. Affected component: server actions (serverAction, RSC protocol); impact:...

5.3CVSS5.8AI score0.00111EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/07 6:49 p.m.35 views

CVE-2026-42239 Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover

Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...

8.1CVSS0.00283EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/07 6:49 p.m.10 views

CVE-2026-42239 Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover

Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...

8.1CVSS5.8AI score0.00283EPSS
Exploits1References2
NVD
NVD
added 2026/05/07 4:16 a.m.18 views

CVE-2026-41663

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

3.5CVSS0.00117EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 2:58 a.m.8 views

CVE-2026-41656

CVE-2026-41656 (Admidio) : Prior to 5.0.9, the add mode of modules/documents-files.php accepts a name parameter with only string-based HTML encoding validation, allowing path traversal (../) and, combined with absent CSRF protection and SameSite=Lax cookies, enables a low-privilege attacker to tr...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 2:58 a.m.11 views

EUVD-2026-28265

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 2:58 a.m.11 views

CVE-2026-41656 Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 2:58 a.m.6 views

CVE-2026-41656

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/05 7:13 p.m.7 views

GHSA-JW8G-5J46-44RP AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile Photos with Arbitrary Content

Summary objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not end in .json.php, so it is excluded from the project's global autoCSRFGuard...

5.4CVSS6.1AI score0.00121EPSS
Exploits0References4
Rows per page
Query Builder