96 matches found
Apache Airflow security vulnerabilities
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of...
CVE-2026-41074
A flaw was found in RT, an open-source issue and ticket tracking system. This Cross-Site Request Forgery CSRF vulnerability allows a remote attacker to trick a logged-in user into visiting a malicious web page. If successful, the attacker can then perform arbitrary state-changing actions within R...
Request Tracker 跨站请求伪造漏洞
Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 6.0.0 to 6.0.2 of Request Tracker contain a cross-site request forgeing vulnerability. This vulnerability arises from cross-site request forgery, allowing attackers to induce logged-in users to acce...
CVE-2018-25327
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...
CVE-2018-25327 Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...
CVE-2018-25327
Joomla! Component Js Jobs 1.2.0 is affected by a Cross-Site Request Forgery vulnerability that allows attackers to perform state-changing actions without token validation. By tricking an administrator into visiting a malicious page, an attacker can target endpoints such as job.jobenforcedelete to...
HireFlow 安全漏洞
HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the fact that all POST endpoints for state changes do not implement CSRF token verificatio...
SUSE CVE-2026-31574
In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...
DEBIAN-CVE-2026-31574
In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag
In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...
CVE-2026-31574
In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...
EUVD-2026-25362
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted...
PT-2026-34926
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the clockevents prevention mechanism against timer interrupt starvation occurs because the next event forced flag is not reset in certain scenarios. This failure happens when t...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET routes that change state. An attacker can cause authenticated users to unintentionally delete files or create directories by tricking them into visiting a crafted URL, as there is no validatio...
EUVD-2026-24179
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...
EUVD-2026-23498
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...
CVE-2026-40461
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...
EUVD-2026-23421
PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...
CVE-2026-40458
CVE-2026-40458 is a CSRF vulnerability in PAC4J. A malicious site can cause a user’s browser to submit forged requests with a token whose hash collides with the victim’s legitimate CSRF token, without needing the token or its hash in advance. The root cause involves collisions in the deterministi...
CVE-2026-40458
PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...