10 matches found

OSV
added 5 days ago · 3 views

SUSE-SU-2026:2647-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

CVSS 9.8 · AI score 6.6 · EPSS 0.0156
Exploits 3 · References 39
EUVD
added 2026/05/11 6:31 p.m. · 11 views

EUVD-2026-29114

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker who can...

AI score 6 · EPSS 0.00168
Exploits 1 · References 4
Cvelist
added 2026/04/06 7:06 p.m. · 17 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

CVSS 4.3 · EPSS 0.00112
Exploits 1 · References 1
CVE
added 2026/03/31 8:39 p.m. · 12 views

CVE-2026-34394

WWBN AVideo (versions 26.0 and prior) is affected by a CSRF vulnerability in the admin/plugin configuration endpoint (admin/save.json.php). The endpoint processes requests without CSRF token validation (no isGlobalTokenValid/verifyToken check), and the app uses SameSite=None cookies, enabling cro...

CVSS 8.1 · AI score 6 · EPSS 0.00233
Exploits 1 · References 1 · Affected Software 1
OSV
added 2026/03/20 2:55 a.m. · 5 views

CVE-2026-30888 Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents (ToS, guidelines, privacy policy) that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

CVSS 2.2 · AI score 5.8 · EPSS 0.00213
Exploits 0 · References 3
Cvelist
added 2025/12/15 2:44 p.m. · 26 views

CVE-2025-34412

...

EPSS 0.00075
Exploits 0
Snyk
added 2025/09/09 8:42 p.m. · 2 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the templates/preview process. An attacker can execute arbitrary JavaScript code in the context of an authenticated user's browser by crafting a malicious HTML page that submits a POST request without...

CVSS 8.8 · AI score 6.8 · EPSS 0.00127
Exploits 1 · References 4
Positive Technologies
added 2025/01/14 12:00 a.m. · 4 views

PT-2025-3144 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 4.3 · AI score 6.8 · EPSS 0.00235
Exploits 0 · References 12
CNVD
added 2020/02/17 12:00 a.m. · 4 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2020-16648)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An elevation of privilege vulnerability exists in Microsoft Edge that stems from the program failing to properly enforce cross-site policies. An attacker could exploit the vulnerability t...

CVSS 4.2 · AI score 6.4 · EPSS 0.01573
Exploits 0 · References 1
Prion
added 2009/11/12 5:54 p.m. · 25 views

Design/Logic Flaw

Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are...

CVSS 9.3 · AI score 6.6 · EPSS 0.02254
Exploits 0 · References 13 · Affected Software 1