| CVE-2026-59713 |
2026-07-06 |
Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with a… |
| CVE-2026-14800 |
2026-07-06 |
A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request fo… |
| CVE-2026-59520 |
2026-07-05 |
Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery.
This issue affects CrawlWP SEO: from n/a through 3.0.16. |
| CVE-2026-12746 |
2026-07-04 |
Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter.
The authentication_url method builds the provider authorization redirect without iss… |
| CVE-2026-12740 |
2026-07-04 |
Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter.
RequestTokenV2 builds the provider authorization redirect without issuing a state value, and Acce… |
| CVE-2026-14620 |
2026-07-03 |
webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GE… |
| CVE-2026-57766 |
2026-07-02 |
Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. |
| CVE-2026-57761 |
2026-07-02 |
Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. |
| CVE-2026-57759 |
2026-07-02 |
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions. |
| CVE-2026-57758 |
2026-07-02 |
Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions. |
| CVE-2026-57757 |
2026-07-02 |
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions. |
| CVE-2026-57751 |
2026-07-02 |
Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. |
| CVE-2026-57747 |
2026-07-02 |
Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions. |
| CVE-2026-57690 |
2026-07-02 |
Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions. |
| CVE-2026-57723 |
2026-07-01 |
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal.
This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8… |
| CVE-2026-12158 |
2026-07-01 |
The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorre… |
| CVE-2026-58518 |
2026-07-01 |
Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery.
This issue affects Mediawiki - RedirectManager Ext… |
| CVE-2026-11981 |
2026-07-01 |
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation on the give_set_notification_status_handler… |
| CVE-2026-14016 |
2026-06-30 |
Inappropriate implementation in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-13963 |
2026-06-30 |
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafte… |