Total
6248 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-43278 | 1 Seacms | 1 Seacms | 2024-09-24 | 8.8 High |
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. | ||||
CVE-2023-2508 | 2 Apple, Papercut | 2 Macos, Mobility Print Server | 2024-09-24 | 5.3 Medium |
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the client's host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, SameSite cookies, etc. | ||||
CVE-2024-1879 | 1 Agpt | 1 Autogpt | 2024-09-24 | 8.8 High |
A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1. | ||||
CVE-2023-41452 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-09-24 | 8.8 High |
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. | ||||
CVE-2023-44161 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-23 | 6.5 Medium |
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | ||||
CVE-2023-40558 | 1 Emarketdesign | 1 Youtube Video Gallery | 2024-09-23 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions. | ||||
CVE-2023-2830 | 1 Trustindex | 1 Wp Testimonials | 2024-09-23 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. | ||||
CVE-2023-40048 | 1 Progress | 1 Ws Ftp Server | 2024-09-23 | 6.8 Medium |
In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. | ||||
CVE-2023-24518 | 1 Pandorafms | 1 Pandora Fms | 2024-09-23 | 6.7 Medium |
A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms. | ||||
CVE-2023-25463 | 1 Gopiplus | 1 Wp-tell-a-friend-popup-form | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions. | ||||
CVE-2023-38390 | 1 Anshullabs | 1 Mobile Address Bar Changer | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions. | ||||
CVE-2023-38396 | 1 Web-argument | 1 Google-map-shortcode | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions. | ||||
CVE-2023-37990 | 1 Perelink Pro Project | 1 Perelink Pro | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions. | ||||
CVE-2023-38398 | 1 Tablooa | 1 Tablooa | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions. | ||||
CVE-2023-4659 | 1 Free5gc | 1 Free5gc | 2024-09-20 | 9.8 Critical |
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within the application. | ||||
CVE-2023-37891 | 1 Optimonk | 1 Optimonk | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions. | ||||
CVE-2023-40009 | 1 Thimpress | 1 Wp Pipes | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | ||||
CVE-2023-32091 | 1 Poeditor | 1 Poeditor | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | ||||
CVE-2023-27435 | 1 Yasglobal | 1 Http Auth | 2024-09-20 | 6.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions. | ||||
CVE-2023-37991 | 1 Monchito | 1 Wp Emoji One | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions. |