CSRF Archives • Daily CyberSecurity

ASUS Issues Security Patch for Router Vulnerability CVE-2023-39238 ASUS Router Update CVE-2025-15101

ASUS Issues Security Patch for Router Vulnerability

Do Son April 1, 2026

In a move to fortify home and office networks, ASUS has released a security update for several...

GitLab Critical Alert: High-Severity Flaws Allow App Impersonation and AI Token Leaks GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

GitLab Critical Alert: High-Severity Flaws Allow App Impersonation and AI Token Leaks

Do Son March 25, 2026

GitLab has released a critical security advisory alongside versions 18.10.1, 18.9.3, and 18.8.7 for its Community (CE)...

Roundcube Webmail Hits Critical Update: New Security Fixes Target Hidden Vulnerabilities Roundcube Webmail security updates Roundcube Webmail Security Roundcube 1.6.14 Update

Roundcube Webmail security updates Roundcube Webmail Security Roundcube 1.6.14 Update

Roundcube Webmail Hits Critical Update: New Security Fixes Target Hidden Vulnerabilities

Do Son March 23, 2026

Roundcube Webmail has released a high-priority security update, version 1.6.14, aimed at patching several significant vulnerabilities that...

The “Styles” Trap: 500,000 VK Accounts Hijacked by Chrome Extensions VK Malicious Extensions VK Styles Campaign

The “Styles” Trap: 500,000 VK Accounts Hijacked by Chrome Extensions

Do Son February 17, 2026

A massive malware campaign targeting Russia’s largest social network, VKontakte (VK), has been uncovered, revealing that over...

Triple Threat Patched: Zimbra 10.1.16 Fixes XSS, XXE & LDAP Injection

Do Son February 13, 2026

Zimbra has rolled out a significant security update for its collaboration suite, releasing Zimbra 10.1.16 to address...

“Fiber” Optic Failure: Predictable UUIDs Expose Go Web Framework to Hijacking CVE-2024-25124 Fiber Framework Vulnerability CVE-2025-66630

“Fiber” Optic Failure: Predictable UUIDs Expose Go Web Framework to Hijacking

Do Son February 11, 2026

A critical vulnerability has been uncovered in Fiber, the high-performance web framework for Go that powers countless...

Angular Alert: Protocol-Relative URLs Leak XSRF Tokens (CVE-2025-66035) Angular, CVE-2025-66035

Angular Alert: Protocol-Relative URLs Leak XSRF Tokens (CVE-2025-66035)

Do Son November 27, 2025

The Angular team has issued a high-severity security advisory regarding a logic flaw in the framework’s HTTP...

Spring Patches Two Flaws: SpEL Injection (CVE-2025-41253) Leaks Secrets, STOMP CSRF Bypasses WebSocket Security Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Patches Two Flaws: SpEL Injection (CVE-2025-41253) Leaks Secrets, STOMP CSRF Bypasses WebSocket Security

Do Son October 17, 2025

VMware Tanzu’s Spring team has released fixes for two vulnerabilities impacting Spring Cloud Gateway and the Spring...

CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform Immich, Account Hijacking

CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform

Do Son July 15, 2025

A critical vulnerability has been disclosed in Immich, a rapidly growing open-source project for self-hosted photo and...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Critical Sunshine Flaw: Remote Command Execution via App-Wide CSRF

Do Son July 1, 2025

In the golden age of remote gaming and self-hosted services, Sunshine has emerged as a popular and...

Flaws in Weidmueller IE-SR-2TX Routers Allow Remote Root Access! Weidmueller, Critical Vulnerabilities

Flaws in Weidmueller IE-SR-2TX Routers Allow Remote Root Access!

Do Son June 12, 2025

A recent coordinated security advisory issued by CERT@VDE and Weidmueller has disclosed three critical vulnerabilities affecting the...

Siemens Security Alert: Critical Vulnerabilities in SENTRON 7KT PAC1260 Data Manager Siemens RTLS, CVE-2025-40746 CVE-2024-22040 - SINEC Security Monitor Siemens Security Advisory SENTRON 7KT PAC1260

Siemens RTLS, CVE-2025-40746 CVE-2024-22040 - SINEC Security Monitor Siemens Security Advisory SENTRON 7KT PAC1260

Siemens Security Alert: Critical Vulnerabilities in SENTRON 7KT PAC1260 Data Manager

Do Son April 9, 2025

In a recent security advisory, Siemens ProductCERT has revealed multiple critical vulnerabilities affecting the SENTRON 7KT PAC1260...

What are CSRF tokens and how do they work?

Do Son October 25, 2017

Understanding CSRF The Express team’s csrf and csurf modules frequently have issues popping up concerned about our usage of cryptographic functions....

Critical Alert 3 Active Exploits Detected Today

Critical Alert