Total: 6243 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-24593 | 1 Clear | 1 Clearml | 2024-08-01 | 9.6 Critical |
A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the API server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted HTML. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks. | ||||
CVE-2024-24470 | 1 Flusity | 1 Flusity | 2024-08-01 | 8.8 High |
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | ||||
CVE-2024-24524 | 1 Flusity | 1 Flusity | 2024-08-01 | 8.8 High |
Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | ||||
CVE-2024-24468 | 1 Flusity | 1 Flusity | 2024-08-01 | 8.8 High |
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. | ||||
CVE-2024-22859 | 1 Laravel | 1 Livewire | 2024-08-01 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem. | ||||
CVE-2024-23902 | 1 Jenkins | 1 Github Branch Source | 2024-08-01 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | ||||
CVE-2024-23736 | | | 2024-08-01 | 8.8 High |
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate or PGP key via malicious link or email. | ||||
CVE-2024-23597 | | | 2024-08-01 | 4.3 Medium |
Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TvRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable; therefore, users should consider discontinuing use of TvRock 0.9t8a. | ||||
CVE-2024-23519 | | | 2024-08-01 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download. This issue affects Email Before Download: from n/a through 6.9.7. | ||||
CVE-2024-23554 | | | 2024-08-01 | 5.7 Medium |
Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). | ||||
CVE-2024-23510 | | | 2024-08-01 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup. This issue affects Don't Muck My Markup: from n/a through 1.8. | ||||
CVE-2024-23515 | | | 2024-08-01 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players. This issue affects Post Video Players: from n/a through 1.159. | ||||
CVE-2024-23319 | 1 Mattermost | 1 Mattermost Server | 2024-08-01 | 3.5 Low |
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. | ||||
CVE-2024-23094 | | | 2024-08-01 | 8.8 High |
Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php | ||||
CVE-2024-22592 | 1 Flycms Project | 1 Flycms | 2024-08-01 | 8.8 High |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update | ||||
CVE-2024-22818 | 1 Flycms Project | 1 Flycms | 2024-08-01 | 8.8 High |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword_save | ||||
CVE-2024-22819 | 1 Flycms Project | 1 Flycms | 2024-08-01 | 8.8 High |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. | ||||
CVE-2024-22568 | 1 Flycms Project | 1 Flycms | 2024-08-01 | 8.8 High |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. | ||||
CVE-2024-22715 | 1 Codelyfe | 1 Stupid Simple Cms | 2024-08-01 | 8.8 High |
Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. | ||||
CVE-2024-22601 | 1 Flycms Project | 1 Flycms | 2024-08-01 | 8.8 High |
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save |