Total
6236 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3144 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3146 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3151 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258924. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3147 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3145 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3143 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/member_rank.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3135 | 2024-08-01 | N/A | ||
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers to exhaust system resources, consume credits, and fill disk space by making numerous resource-intensive API calls, such as generating images or uploading files. The vulnerability stems from the application's acceptance of simple request content-types without requiring CSRF tokens or implementing other CSRF mitigation measures. Successful exploitation does not require network access to the vulnerable LocalAI environment. | ||||
| CVE-2024-3089 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-2820 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2823 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2817 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2559 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1889 | 2024-08-01 | 8.8 High | ||
| Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device. | ||||
| CVE-2024-2368 | 1 Wobbie | 1 Mollie Forms | 2024-08-01 | 4.3 Medium |
| The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-2376 | 1 2code | 1 Wpqa Builder | 2024-08-01 | 8.8 High |
| The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-2316 | 2024-08-01 | 4.3 Medium | ||
| A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This vulnerability affects unknown code of the file /billing/bill/edit/ of the component Update Bill Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2233 | 1 2code | 1 Himer | 2024-08-01 | 4.3 Medium |
| The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group | ||||
| CVE-2024-2235 | 1 2code | 1 Himer | 2024-08-01 | 4.3 Medium |
| The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack | ||||
| CVE-2024-2196 | 2024-08-01 | N/A | ||
| aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation. | ||||
| CVE-2024-2040 | 1 2code | 1 Himer | 2024-08-01 | 4.3 Medium |
| The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack | ||||