Total: 6245 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-24922 | 1 Xuxueli | 1 Xxl-job | 2024-10-09 | 8.8 High |
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file. | ||||
CVE-2020-23595 | 1 Yzmcms | 1 Yzmcms | 2024-10-09 | 8.8 High |
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. | ||||
CVE-2023-6294 | 1 Sygnoos | 1 Popup Builder | 2024-10-09 | 7.2 High |
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attacks in Multisite WordPress configurations. | ||||
CVE-2024-21381 | 1 Microsoft | 2 Azure Active Directory, Azure Active Directory B2c | 2024-10-09 | 6.8 Medium |
Microsoft Azure Active Directory B2C Spoofing Vulnerability | ||||
CVE-2024-8520 | 1 Ultimatemember | 1 Ultimate Member | 2024-10-08 | 5.3 Medium |
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a user's membership status via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-6499 | 1 Calenfretts | 1 Lastunes | 2024-10-08 | 5.4 Medium |
The lasTunes WordPress plugin through 3.6.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | ||||
CVE-2023-40351 | 1 Jenkins | 1 Favorite View | 2024-10-08 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. | ||||
CVE-2023-40336 | 2 Jenkins, Redhat | 2 Folders, Ocp Tools | 2024-10-08 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. | ||||
CVE-2023-40341 | 2 Jenkins, Redhat | 2 Blue Ocean, Ocp Tools | 2024-10-08 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. | ||||
CVE-2023-40337 | 2 Jenkins, Redhat | 2 Folders, Ocp Tools | 2024-10-08 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. | ||||
CVE-2021-43941 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-10-08 | 6.5 Medium |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | ||||
CVE-2024-24887 | 1 Contest-gallery | 1 Contest Gallery | 2024-10-08 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. | ||||
CVE-2024-24929 | 1 Ftwr | 1 Wp Contact Form | 2024-10-08 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form. This issue affects WP Contact Form: from n/a through 1.6. | ||||
CVE-2023-50766 | 1 Jenkins | 1 Nexus Platform | 2024-10-08 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||||
CVE-2023-47578 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-10-08 | 8.8 High |
Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface. | ||||
CVE-2021-43953 | 1 Atlassian | 2 Data Center, Jira | 2024-10-08 | 4.3 Medium |
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. | ||||
CVE-2023-6766 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-10-08 | 4.3 Medium |
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896. | ||||
CVE-2023-23731 | 1 Hasthemes | 1 Wishsuite | 2024-10-08 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions. | ||||
CVE-2023-22695 | 1 Wpgogo | 1 Custom Field Template | 2024-10-07 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions. | ||||
CVE-2023-25478 | 1 Weather Station Project | 1 Weather Station | 2024-10-07 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions. |