16 matches found
CVE-2026-44467
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in /.ssh/knownhosts without comparing the server's...
Digital Bazaar Forge Data Forgery Vulnerability
Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it is an open-source tool used for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 had a data manipulation vulnerability...
IBM ApplinX Cross-Site Request Forgery Vulnerability (CNVD-2026-10656)
IBM ApplinX is a product from International Business Machines (IBM) for converting green-screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a request is from a...
CVE-2023-49564
CVE-2023-49564: The CBIS/NCS Manager API is vulnerable to an authentication bypass. A specially crafted HTTP header from an unauthenticated user can access restricted API functions. Root cause is a weak verification mechanism in the authentication implementation within the Nginx Podman container...
GHSA-W7R3-MGWF-4MQQ Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...
The vulnerability of the update mechanism of the software-hardware protection system ViPNet Client 4 allows a perpetrator to execute software that simulates an update.
The vulnerability of the software-hardware protection mechanism ViPNet Client 4 is related to the insufficient number of verifications of the legitimacy of updates sent via the mftp transport protocol. This vulnerability can only be exploited by an internal intruder with elevated privileges who...
GPT Academic Cross-Site Request Forgery Vulnerability
GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site request forgery vulnerability that stems from a web application that does not adequately verify that a request is from a trusted user. An attacke...
Kashipara Music Management System Security Vulnerability
Kashipara Music Management System is a music management system from Kashipara. Kashipara Music Management System v1.0 has a cross-site request forgery vulnerability, which arises because the /music/ajax.php?action=saveuser page does not adequately verify whether the request is from a trusted use...
Warehouse Inventory System Security Vulnerability
Warehouse Inventory System is a warehouse inventory management system by individual developer Siamon Hasan. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editcategorie.php component not adequately verifying that a request comes from a...
Warehouse Inventory System Security Vulnerability
Warehouse Inventory System is a warehouse inventory management system by individual developer Siamon Hasan. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the addproduct.php component not adequately verifying that a request comes from a truste...
The vulnerability of the application integration function for Cisco WebEx Meetings allows attackers to perform cross-site request forgery.
The vulnerability of the application integration function for Cisco WebEx Meetings relates to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to perform cross-site request forgery remotely...
Grafana Cross-Site Request Forgery Vulnerability
Grafana is an open source monitoring tool from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. A cross-site request forgery vulnerability exists in Grafana, which stems from the product's failure to...
WellCMS Code Issue Vulnerability
WellCMS is an open-source, lightweight, mobile-oriented CMS built for billion-scale loads with ultra-fast response under high load, aimed at sites with large amounts of data and high-concurrency access. It is described as safe, efficient, stable, and ultra-fast with very high load capacity. A...
WordPress peters-login-redirect plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. peters-login-redirect is a redirection plugin used in it. A cross-site request forgery vulnerability exists in the WordPress...
CVE-2017-7906
In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user...
Ubiquiti Robotics Alpha2 Android app has a parallel override vulnerability
Ubitus is a company that integrates artificial intelligence and humanoid robotics research and development, platform software development and utilization, and product sales. A parallel override vulnerability exists in the Ubitus Robotics Alpha2 Android app. Due to the Ubiquiti Alpha2 Android app'...