An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSR
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Se
A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a p
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sa
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Some endpoints in vulnerability-lookup that modified
application state (e.g. changing database entries, user data,
configurations, or other privileged actions) may have been accessible
via HTTP GET
Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.This issue affects OAuth2 Client: from 0.0.0 before 4.1.3.
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option t
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is ty
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during au
OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShi
OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack
due to the absence of proper CSRF validation. This issue allows an
unauthenticated attacker to trick a logged-in administrator
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery (CSRF) vulnerability was found Open-We
A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the u
A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend proces
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral.This issue affects SociallyViral: from n/a through 1.0.10.
A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request.
Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n
Page 1+ Next →