Total
6247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44677 | 1 Eladmin | 1 Eladmin | 2024-09-25 | 9.8 Critical |
| eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | ||||
| CVE-2024-46086 | 1 Frogcms Project | 1 Frogcms | 2024-09-25 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123 | ||||
| CVE-2023-25482 | 1 Keetrax | 1 Wp Tiles | 2024-09-25 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions. | ||||
| CVE-2023-25473 | 1 Flickr Justified Gallery Project | 1 Flickr Justified Gallery | 2024-09-25 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions. | ||||
| CVE-2022-46857 | 1 Sitealert | 1 Sitealert | 2024-09-25 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | ||||
| CVE-2022-45828 | 1 Nootheme | 1 Noo Timetable | 2024-09-25 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | ||||
| CVE-2023-25475 | 1 Smart Youtube Pro Project | 1 Smart Youtube Pro | 2024-09-25 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions. | ||||
| CVE-2023-37386 | 1 Codexin | 1 Media Library Helper | 2024-09-25 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions. | ||||
| CVE-2022-47169 | 1 Staxwp | 1 Visibility Logic For Elementor | 2024-09-25 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions. | ||||
| CVE-2023-25036 | 1 Social Media Icons Widget Project | 1 Social Media Icons Widget | 2024-09-25 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions. | ||||
| CVE-2023-38512 | 1 Wpstream | 1 Wpstream | 2024-09-25 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions. | ||||
| CVE-2024-46394 | 1 Frogcms Project | 1 Frogcms | 2024-09-25 | 8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add | ||||
| CVE-2023-41801 | 1 Strategy11 | 1 Awp Classifieds | 2024-09-25 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions. | ||||
| CVE-2023-42321 | 1 Icmsdev | 1 Icms | 2024-09-25 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. | ||||
| CVE-2023-5036 | 1 Usememos | 1 Memos | 2024-09-25 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. | ||||
| CVE-2023-43500 | 1 Jenkins | 1 Build Failure Analyzer | 2024-09-24 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | ||||
| CVE-2023-43502 | 1 Jenkins | 1 Build Failure Analyzer | 2024-09-24 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. | ||||
| CVE-2024-44064 | 1 Likebtn | 1 Like Button Rating | 2024-09-24 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54. | ||||
| CVE-2023-39446 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-09-24 | 8.9 High |
| Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application. | ||||
| CVE-2023-43278 | 1 Seacms | 1 Seacms | 2024-09-24 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. | ||||