Search Results (365250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27423 1 Mijnpress 1 Auto Prune Posts 2025-01-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions.
CVE-2023-27430 1 Mijnpress 1 Mass Delete Unused Tags 2025-01-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions.
CVE-2023-25698 1 Studiowombat 1 Shoppable Images 2025-01-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions.
CVE-2023-24414 1 Robosoft 1 Robogallery 2025-01-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.
CVE-2023-23890 1 Ljapps 1 Wp Airbnb Review Slider 2025-01-09 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.
CVE-2023-32589 1 Pingonline 1 Dyslexiefont Free 2025-01-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.
CVE-2022-47134 1 Gallery Metabox Project 1 Gallery Metabox 2025-01-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.
CVE-2023-23813 1 My Calendar Project 1 My Calendar 2025-01-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.
CVE-2023-23712 1 User-meta 1 User Meta Manager 2025-01-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions.
CVE-2023-23680 1 Wp Topbar Project 1 Wp Topbar 2025-01-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions.
CVE-2023-22688 1 Wp Tabs Slides Project 1 Wp Tabs Slides 2025-01-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions.
CVE-2023-22692 1 Name Directory Project 1 Name Directory 2025-01-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.
CVE-2023-22714 1 Supsystic 1 Coming Soon 2025-01-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions.
CVE-2022-47142 1 Mediamatic 1 Media Library Folders 2025-01-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.
CVE-2022-47609 1 Nicearma 1 Dnui-delete-not-used-image 2025-01-09 6.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions.
CVE-2022-47611 1 Hover Image Project 1 Hover Image 2025-01-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions.
CVE-2022-47183 1 Stylist Project 1 Stylist 2025-01-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.
CVE-2025-0347 2025-01-09 7.3 High
A vulnerability was found in code-projects Admission Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php of the component Login. The manipulation of the argument u_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-6451 1 Alayacare 1 Procura 2025-01-09 8.6 High
Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.
CVE-2024-29893 2 Argoproj, Redhat 2 Argo Cd, Openshift Gitops 2025-01-09 6.5 Medium
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD's helm package, does not limit the size nor time while fetching the data. It fetches it and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out of it. A patch for this vulnerability has been released in v2.10.3, v2.9.8, and v2.8.12.