CVE-2022-0638: Update UserLogoutController.php · microweber/microweber@756096d

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.


@@ -5,6 +5,7 @@

use App\Http\Resources\User\UserResource;

use Illuminate\Http\Request;

use Illuminate\Routing\Controller;

use Illuminate\Support\Facades\Auth;

use MicroweberPackages\App\Http\Middleware\SameSiteRefererMiddleware;

class UserLogoutController extends Controller
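
Review bot: The `SameSiteRefererMiddleware` import has no visible use in this file's hunks: the header shows one line added here (6 to 7), and neither this hunk nor the `submit()` hunk references the class. Please confirm where the middleware is attached (controller constructor or route definition) and that it covers the logout action; if it is not attached anywhere, the import is dead code and the logout endpoint gets no same-site check. A short comment at the point of registration saying which actions it protects would help later readers.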

@@ -42,7 +43,11 @@ public function index(Request $request)

public function submit(Request $request)

{

return logout();

Auth::logout();

$url = site_url();

return app()->url_manager->redirect($url);

}

}
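
Review bot: Nothing in the body of `submit()` verifies the request origin or a CSRF token before `Auth::logout()` runs, so the fix depends entirely on middleware applied outside these lines; state that in a docblock on `submit()` and confirm the route cannot reach this action without that middleware. As rendered here, `return logout();` still sits above `Auth::logout();`, and if that line is not removed the three statements after it are unreachable. If the old `logout()` helper also cleared session state, check that the replacement does too, for example by calling `$request->session()->invalidate();` and `$request->session()->regenerateToken();` after `Auth::logout();`.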
