Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 8:54 p.m.3 views

CVE-2026-45677

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:37 p.m.6 views

WordPress Secufor_OAuth plugin <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout vulnerability

Missing Authorization to Unauthenticated Account Logout vulnerability discovered by SHIVAM KUMAR in WordPress Plugin SecuforOAuth versions = 1.0.7...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/10 3:15 a.m.2 views

CVE-2024-8477

The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init function. This makes it possible fo...

4.3CVSS5.6AI score0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/03 5:15 a.m.6 views

CVE-2023-2416

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia...

6.5CVSS6.8AI score0.00394EPSS
Exploits2References4
Rows per page
Query Builder