Threats Tagged 'cve-2026-25151'
View all threats tagged with 'cve-2026-25151'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-25151'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-25151: CWE-352: Cross-Site Request Forgery (CSRF) in QwikDev qwikCVE-2026-25151 0 CVE-2026-25151 is a Cross-Site Request Forgery (CSRF) vulnerability in QwikDev's Qwik JavaScript framework versions prior to 1.19.0. The issue arises from inconsistent interpretation of HTTP request headers, specifically Content-Type headers, by Qwik City's server-side request handler. This flaw allows remote attackers to bypass CSRF protections by crafting or using multi-valued Content-Type headers, potentially leading to unauthorized actions with elevated integrity impact. The vulnerability has a CVSS score of 5.9 (medium severity) and requires user interaction but no authentication. It affects web applications built on vulnerable Qwik versions and has no known exploits in the wild yet. The issue was patched in version 1.19. Join the discussion | CVE Database V5 | 02/03/2026, 21:12:25 UTC Added: 02/03/2026, 21:30:11 UTC |
Showing 1 to 1 of 1 result