Verification Request Identified
- Risk:
Informational
- Type:
- Passive
- Summary
The given request has been identified as a good candidate for authentication verification. If the request is in a context which has a Verification Strategy set to “Poll” but where the URL is empty then this rule will fill in the correct values.
- Solution
This is an informational alert rather than a vulnerability and so there is nothing to fix.
Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign
Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation
Genetic data site openSNP to close and delete data over privacy concerns
Verizon Call Filter API flaw exposed customers' incoming call history
GitHub expands security tools after 39 million secrets leaked in 2024
Royal Mail investigates data leak claims, no impact on operations
Police shuts down KidFlix child sexual exploitation platform
The Reality Behind Security Control Failures—And How to Prevent Them
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalCORS Header
LowStrict-Transport-Security Malformed Content (Non-compliant with Spec)
HighSession Fixation
MediumReverse Tabnabbing
InformationalSplit Viewstate in Use
HighCWE-772 Missing Release of Resource after Effective Lifetime
CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
CWE-1276 Hardware Child Block Incorrectly Connected to Parent System
CWE-1087 Class with Virtual Method without a Virtual Destructor
CWE-164 Improper Neutralization of Internal Special Elements
CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Free online web security scanner