Lucene search
K

105 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-44342

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...

5.3CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-57242

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-57242

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/07/06 10:16 p.m.9 views

CVE-2026-32718

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, allowing read-scoped API tokens to perform state-changing operations such as validating cloud tokens and...

6.5CVSS0.00213EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 9:4 p.m.2 views

CVE-2026-32718 Coolify read-scoped API tokens can perform state-changing validation operations

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, allowing read-scoped API tokens to perform state-changing operations such as validating cloud tokens and...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.13 views

CVE-2026-4986

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40928

WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept state-changing requests via $REQUEST/$GET and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malicious...

5.4CVSS5.4AI score0.00115EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40458

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

7CVSS5.3AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Apache Airflow 信息泄露漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of...

8.8CVSS5.9AI score0.00489EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 6:49 a.m.15 views

CVE-2026-41074

A flaw was found in RT, an open-source issue and ticket tracking system. This Cross-Site Request Forgery CSRF vulnerability allows a remote attacker to trick a logged-in user into visiting a malicious web page. If successful, the attacker can then perform arbitrary state-changing actions within R...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.13 views

Request Tracker 跨站请求伪造漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions 6.0.0 to 6.0.2 of Request Tracker contain a cross-site request forgeing vulnerability. This vulnerability arises from cross-site request forgery, allowing attackers to induce logged-in users to acce...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References2
NVD
NVD
added 2026/05/17 1:16 p.m.17 views

CVE-2018-25327

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

6.9CVSS0.00143EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25327 Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery

Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modi...

6.9CVSS5.7AI score0.00143EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 12:11 p.m.20 views

CVE-2018-25327

Joomla! Component Js Jobs 1.2.0 is affected by a Cross-Site Request Forgery vulnerability that allows attackers to perform state-changing actions without token validation. By tricking an administrator into visiting a malicious page, an attacker can target endpoints such as job.jobenforcedelete to...

6.9CVSS5.7AI score0.00143EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

HireFlow 安全漏洞

HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the fact that all POST endpoints for state changes do not implement CSRF token verificatio...

8.1CVSS5.9AI score0.00168EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/04/25 1:39 a.m.12 views

SUSE CVE-2026-31574

In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...

5.5CVSS5.5AI score0.00107EPSS
Exploits0References3
OSV
OSV
added 2026/04/24 3:16 p.m.7 views

DEBIAN-CVE-2026-31574

In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...

5.5CVSS5.3AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 2:42 p.m.37 views

CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag

In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...

0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:42 p.m.9 views

CVE-2026-31574

In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the nexteventforced flag The prevention mechanism against timer interrupt starvation missed to reset the nexteventforced flag in a couple of places: - When the clock event state changes. That ca...

5.4AI score0.00107EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/24 12:2 a.m.4 views

EUVD-2026-25362

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted...

9.8CVSS5.8AI score0.00546EPSS
Exploits0References3
Rows per page
Query Builder