CVE-2026-38057: CWE-352 Cross-Site request forgery in ST Engineering iDirect Evolution iQ‑Series terminals
ST Engineering iDirect Evolution iQ-Series terminals have a cross-site request forgery (CSRF) vulnerability in the iQ200 model. The /api/reboot endpoint does not validate CSRF tokens and relies…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along
Understanding Cross-Site Request Forgery (CSRF) Attacks and Countermeasures
Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.
Broadcom Discloses Three Stored XSS Vulnerabilities in VMware Cloud Foundation Operations
Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several rela
cybersecuritynews.com·1mo agoCritical SimpleHelp Vulnerability (CVE-2026-48558) Enables Malware Delivery via Forged Authentication Tokens
CVE-2026-48558 lets attackers forge OIDC identity tokens to gain fully authenticated technician sessions in SimpleHelp RMM, enabling file tr
CWE Top 25 for 2019
In case you weren’t aware of it, there is now a 2019 version of the CWE Top 25 list . This list attempts to rank what are the most important

WAF - WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an up

Comments
Sign in to join the conversation.
No comments yet. Be the first.