Total
6247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2228 | 1 Modoboa | 1 Modoboa | 2024-08-02 | 6.8 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. | ||||
| CVE-2023-2195 | 1 Jenkins | 1 Code Dx | 2024-08-02 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2023-1965 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 6.8 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default. | ||||
| CVE-2023-1937 | 1 My-blog Project | 1 My-blog | 2024-08-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264. | ||||
| CVE-2023-1923 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-08-02 | 4.3 Medium |
| The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-1722 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2024-08-02 | 9.1 Critical |
| Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | ||||
| CVE-2023-1472 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2024-08-02 | 6.3 Medium |
| The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache among others. | ||||
| CVE-2023-1205 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-08-02 | 8.8 High |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | ||||
| CVE-2023-1089 | 1 Hasthemes | 1 Coupon Zen | 2024-08-02 | 4.3 Medium |
| The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack | ||||
| CVE-2023-1029 | 1 Joomunited | 1 Wp Meta Seo | 2024-08-02 | 4.3 Medium |
| The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-0988 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-08-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability. | ||||
| CVE-2023-1033 | 1 Froxlor | 1 Froxlor | 2024-08-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11. | ||||
| CVE-2023-0999 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2024-08-02 | 4.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0870 | 1 Opennms | 2 Horizon, Meridian | 2024-08-02 | 8.1 High |
| A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2023-0763 | 1 Infigosoftware | 1 Clock In Portal- Staff \& Attendance Management | 2024-08-02 | 4.3 Medium |
| The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack | ||||
| CVE-2023-0824 | 1 Wpuserplus | 1 Userplus | 2024-08-02 | 6.5 Medium |
| The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2023-0735 | 1 Wallabag | 1 Wallabag | 2024-08-02 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | ||||
| CVE-2023-0674 | 1 Xuxueli | 1 Xxl-job | 2024-08-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. | ||||
| CVE-2023-0642 | 1 Squidex.io | 1 Squidex | 2024-08-02 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. | ||||
| CVE-2023-0498 | 1 Hasthemes | 1 Wp Education | 2024-08-02 | 4.3 Medium |
| The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack | ||||