17 matches found
EUVD-2026-10126
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
CVE-2026-1085
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
CVE-2026-1085
CVE-2026-1085 — WordPress True Ranker plugin (versions
CVE-2026-1085 True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
CVE-2026-1085
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
PT-2026-23836
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
WordPress plugin True Ranker 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2025-199765
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.2
Red Hat OpenShift Service Mesh 3.1.2 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.5
Red Hat OpenShift Service Mesh 3.0.5 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.0....
BIT-ENVOY-2025-55162 Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...
September 26, 2024—KB5043145 (OS Builds 22621.4249 and 22631.4249) Preview
September 26, 2024—KB5043145 OS Builds 22621.4249 and 22631.4249 Preview 07/09/24---END OF SERVICE NOTICE ---IMPORTANT Home and Pro editions of Windows 11, version 22H2 will reach end of service on October 8, 2024. Until then, these editions will only receive security updates. They will not...
Zoho ManageEngine ADSelfService Plus 跨站脚本漏洞
Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A reflected cross-site scripting vulnerability exists in the...
Uber: The Microsoft Store Uber App Does Not Implement Server-side Token Revocation
Summary The Microsoft Store Uber App Windows Phone Architecture does not properly revoke or expire a rider's x-uber-token upon app signout. Security Impact When a user logs out/signs off of the app, the logout process is handled only locally on the application side, and without any type of...
CVE-2015-5832
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors...
InVision: Content Spoofing - Signout Warning Page
When there's a failure, it sends the user back to a URL like https://███████?kind=error&message=Please+use+one+of+the+options+below+to+log+in+to+█████████ Fix this so the message parameter is parsed and displayed as a flash message. Let we test it on InvisionApp. Orginal link:...
CVE-2009-2192
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."...