Total: 6247 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0480 | 1 Vitalpbx | 1 Vitalpbx | 2024-08-02 | 8.8 High |
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF. | ||||
CVE-2023-0438 | 1 Modoboa | 1 Modoboa | 2024-08-02 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
CVE-2023-0406 | 1 Modoboa | 1 Modoboa | 2024-08-02 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
CVE-2023-0335 | 1 Wpvar | 1 Wp Shamsi | 2024-08-02 | 6.5 Medium |
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which allow a user with a role as low as subscriber to delete attachments. | ||||
CVE-2023-0398 | 1 Modoboa | 1 Modoboa | 2024-08-02 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
CVE-2023-0336 | 1 Ooohboi Steroids For Elementor Project | 1 Ooohboi Steroids For Elementor | 2024-08-02 | 6.5 Medium |
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which allow a user with a role as low as subscriber to delete attachments. | ||||
CVE-2023-0088 | 1 Swifty Page Manager Project | 1 Swifty Page Manager | 2024-08-02 | 8.8 High |
The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion, among other things. This makes it possible for unauthenticated attackers to invoke those functions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2024-41602 | | | 2024-08-02 | 8.8 High |
Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL. | ||||
CVE-2024-41603 | | | 2024-08-02 | 9.6 Critical |
Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout. | ||||
CVE-2024-41597 | 1 Processwire | 1 Processwire | 2024-08-02 | 4.2 Medium |
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. | ||||
CVE-2024-40603 | 1 Mediawiki | 1 Mediawiki | 2024-08-02 | 4.3 Medium |
An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request. | ||||
CVE-2024-40329 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup | ||||
CVE-2024-40328 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 6.3 Medium |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6 | ||||
CVE-2024-40037 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del | ||||
CVE-2024-40332 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2024-08-02 | 6.8 Medium |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord | ||||
CVE-2024-40038 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 5.3 Medium |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev | ||||
CVE-2024-40039 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del | ||||
CVE-2024-40035 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 5.9 Medium |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. | ||||
CVE-2024-40119 | 1 Nepstech | 1 Ntpl-xpon1gfevn Firmware | 2024-08-02 | 8.8 High |
Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover. | ||||
CVE-2024-40034 | 1 Idccms Project | 1 Idccms | 2024-08-02 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del |