2 matches found
CVE-2026-54359
The CVE-2026-54359 entries describe an insecure default in MISP where Security.check_sec_fetch_site_header is disabled, allowing CSRF-like abuse where a remote unauthenticated attacker could induce an authenticated user’s browser to issue state-changing requests (POST/PUT/AJAX) to MISP automation...
PT-2026-32987
Hackage CSRF vulnerability Vulnerable File: src/Distribution/Server/Features/Votes.hs example Impact: can forge requests through XSS hackage-server lacked Cross-Site Request Forgery CSRF protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly...