
8 matches found

Vulnrichment
added 2026/04/29 7:24 p.m. | 2 views

CVE-2018-25298 Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

CVSS 6.9 | AI score 5.2 | EPSS 0.00138
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/24 9:41 a.m. | 5 views

CVE-2026-33252

A flaw was found in the Go MCP SDK's Streamable HTTP transport, which uses Go's standard encoding/json package. In deployments without authorization, a remote attacker can exploit this Cross-Site Request Forgery (CSRF) vulnerability. By sending browser-generated cross-site POST requests to a local...

CVSS 7.1 | AI score 5.7 | EPSS 0.00178
Exploits: 0 | References: 5

EUVD
added 2026/03/18 9:30 a.m. | 2 views

EUVD-2026-12794

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...

CVSS 7.1 | AI score 5.9 | EPSS 0.00178
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-24864

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.01261
Exploits: 0 | References: 2

NVD
added 2022/08/29 6:15 p.m. | 21 views

CVE-2022-2556

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for...

CVSS 2.7 | EPSS 0.00608
Exploits: 2 | References: 1

Prion
added 2022/08/29 6:15 p.m. | 18 views

Cross site request forgery (csrf)

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users such as subscriber to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan priva...

CVSS 4 | AI score 4.7 | EPSS 0.00563
Exploits: 2 | References: 1 | Affected Software: 1

CNVD
added 2018/05/11 12:0 a.m. | 4 views

Silex SD-320AN and GE MobileLink Unauthorized Operation Vulnerability

Silex SD-320AN is a serial device server from Silex Technology, Japan. GE MobileLink GEH-500 is an electrocardiogram analysis system from General Electric (GE). A security vulnerability exists in Silex SX-500 and GE MobileLink GEH-500 versions 1.54 and earlier, which arises from the program's failu...

CVSS 6.5 | AI score 7 | EPSS 0.01079
Exploits: 0 | References: 1

Veracode
added 2018/04/30 7:1 a.m. | 32 views

Cross-site Request Forgery (CSRF)

github.com/coreos/etcd is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability exists as there are no host whitelists in place to prevent unauthorized websites from sending unauthorized POST requests to the etcd server...

CVSS 8.8 | AI score 8.4 | EPSS 0.01266
Exploits: 1 | References: 6 | Affected Software: 2