Total: 6248 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-35793 | 1 Cassianetworks | 1 Access Controller | 2024-08-02 | 8.8 High | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks. |
CVE-2023-35141 | 1 Jenkins | 1 Jenkins | 2024-08-02 | 8.0 High | In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. |
CVE-2023-35148 | 1 Jenkins | 1 Digital.ai App Management Publisher | 2024-08-02 | 6.5 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. |
CVE-2023-34927 | 1 Casbin | 1 Casdoor | 2024-08-02 | 6.5 Medium | Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password by supplying a crafted URL. |
CVE-2023-34839 | 1 Issabel | 1 Pbx | 2024-08-02 | 6.8 Medium | A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a custom CSRF exploit against the create-new-user function in the application. |
CVE-2024-3238 | 1 Looks Awesome | 1 Superfly Responsive Menu | 2024-08-02 | 8.8 High | The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajax_handle_delete_icons() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. Please note that the CSRF was patched in 5.0.28; however, adequate directory traversal protection wasn't introduced until 5.0.30. |
CVE-2024-2904 | | | 2024-08-02 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope. This issue affects Calliope: from n/a through 1.0.33. |
CVE-2023-34185 | 1 Wordpress Nextgen Galleryview Project | 1 Wordpress Nextgen Galleryview | 2024-08-02 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin, versions <= 0.5.5. |
CVE-2023-34029 | 1 Disable Wordpress Update Notifications And Auto-update Email Notifications Project | 1 Disable Wordpress Update Notifications And Auto-update Email Notifications | 2024-08-02 | 4.3 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin, versions <= 2.3.3. |
CVE-2023-34030 | 1 Really-simple-plugins | 1 Complianz | 2024-08-02 | 6.5 Medium | Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz and Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7. |
CVE-2023-33409 | 1 Minical | 1 Minical | 2024-08-02 | 6.5 Medium | Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. |
CVE-2023-33359 | 1 Piwigo | 1 Piwigo | 2024-08-02 | 4.3 Medium | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. |
CVE-2023-33333 | 1 Really-simple-plugins | 1 Complianz | 2024-08-02 | 7.1 High | Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz and Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1. |
CVE-2023-32978 | 1 Jenkins | 1 Lightweight Directory Access Protocol | 2024-08-02 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. |
CVE-2023-32989 | 1 Jenkins | 1 Azure Vm Agents | 2024-08-02 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. |
CVE-2023-33003 | 1 Jenkins | 1 Tag Profiler | 2024-08-02 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. |
CVE-2023-32998 | 1 Jenkins | 1 Appspider | 2024-08-02 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. |
CVE-2023-32980 | 2 Jenkins, Redhat | 2 Email Extension, Openshift | 2024-08-02 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. |
CVE-2023-32995 | 1 Jenkins | 1 Saml Single Sign On | 2024-08-02 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with a JSON body containing attacker-specified content to miniOrange's API for sending emails. |
CVE-2023-32991 | 1 Jenkins | 1 Saml Single Sign On | 2024-08-02 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. |
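The CVE-2024-3238 entry above describes the two-stage defect pattern that recurs across the WordPress rows of this table: an admin-ajax handler that first lacked nonce validation (so any page the administrator visits can forge the request) and then, once the nonce was added, still accepted a file name that walked out of its directory. The following is an added example written for this page, not the Superfly plugin's code, showing a hypothetical icon-deletion handler in that vulnerable shape beside a hardened form. The function names, the `example_delete_icon` nonce action, the `superfly-icons` upload subdirectory and the `toplevel_page_example-menu` screen hook are assumptions for illustration only.

```php
<?php
// Added example, not code from the Superfly plugin. All names below are assumed.

// --- Vulnerable pattern (what the CSRF row describes; do not use) -----------
function example_ajax_delete_icon_vulnerable() {
    // No nonce check: a forged cross-site POST rides on the admin's cookies.
    // No capability check: anyone who can reach the hook gets here.
    // No containment: "../../wp-config.php" escapes the icons directory.
    $file = $_POST['file'];
    $path = wp_upload_dir()['basedir'] . '/superfly-icons/' . $file;
    unlink( $path );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_delete_icon',        'example_ajax_delete_icon_vulnerable' );
add_action( 'wp_ajax_nopriv_example_delete_icon', 'example_ajax_delete_icon_vulnerable' ); // exposes it to logged-out callers too

// --- Hardened form ------------------------------------------------------------
function example_ajax_delete_icon_hardened() {
    // 1. CSRF: the POST must carry a nonce minted for this action and this user.
    //    check_ajax_referer() terminates the request (HTTP 403, body "-1") on failure.
    check_ajax_referer( 'example_delete_icon', 'nonce' );

    // 2. Authorization: a valid nonce proves intent, not permission.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input: unslash, reduce to a bare file name, reject anything that is not one.
    $file = isset( $_POST['file'] ) ? sanitize_file_name( wp_unslash( $_POST['file'] ) ) : '';
    if ( '' === $file || $file !== basename( $file ) ) {
        wp_send_json_error( 'bad file name', 400 );
    }

    // 4. Containment (the part CVE-2024-3238 notes was missing until 5.0.30):
    //    resolve symlinks and ".." on both sides and require the target to sit
    //    strictly inside the icons directory before touching the filesystem.
    $dir  = realpath( trailingslashit( wp_upload_dir()['basedir'] ) . 'superfly-icons' );
    $path = $dir ? realpath( $dir . DIRECTORY_SEPARATOR . $file ) : false;
    if ( ! $dir || ! $path || ! is_file( $path )
         || 0 !== strpos( $path, $dir . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'not found', 404 );
    }

    // wp_delete_file_from_directory() (WP >= 4.9.7) repeats the realpath containment
    // check internally and returns false instead of deleting on any mismatch.
    if ( ! wp_delete_file_from_directory( $path, $dir ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success( array( 'deleted' => $file ) );
}
// Logged-in hook only; no wp_ajax_nopriv_ registration for a destructive action.
add_action( 'wp_ajax_example_delete_icon', 'example_ajax_delete_icon_hardened' );

// --- Issuing the nonce to the admin page's script ----------------------------
// The script handle 'example-admin' is assumed to be registered elsewhere; the
// nonce is posted back as the 'nonce' field that check_ajax_referer() reads.
add_action( 'admin_enqueue_scripts', function ( $hook ) {
    if ( 'toplevel_page_example-menu' !== $hook ) {
        return;
    }
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_delete_icon' ),
    ) );
} );
```

Two checks are deliberately layered in the hardened handler. The nonce alone would have closed the CSRF but, as the 5.0.28 versus 5.0.30 note in the table shows, an administrator who can legitimately call the endpoint can still be tricked (or be malicious) into naming a path outside the icons directory, so the file name is both reduced to a basename and verified against the resolved directory before deletion. The `wp_ajax_nopriv_` registration is dropped because a destructive action has no business being reachable without a session.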