Total
6243 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41744 | 1 Ibm | 1 Cics Tx | 2024-11-01 | 6.5 Medium |
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
CVE-2024-26351 | | | 2024-11-01 | 6.1 Medium |
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php | ||||
CVE-2022-20861 | 1 Cisco | 1 Nexus Dashboard | 2024-11-01 | 9.8 Critical |
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2024-35552 | 1 Idccms | 1 Idccms | 2024-11-01 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN. | ||||
CVE-2024-10448 | 1 Fabianros | 1 Blood Bank Management System | 2024-11-01 | 4.3 Medium |
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. | ||||
CVE-2024-10040 | 1 Infinite-scroll | 1 Infinite-scroll | 2024-11-01 | 5.3 Medium |
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2024-46911 | | | 2024-11-01 | 4.7 Medium |
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw | ||||
CVE-2024-43684 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-11-01 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0. | ||||
CVE-2021-28656 | | | 2024-11-01 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in the Credential page of Apache Zeppelin allows an attacker to submit a malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior versions. | ||||
CVE-2023-6243 | 1 Myeventon | 1 Eventon-lite | 2024-11-01 | 4.3 Medium |
The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-25058 | 1 Brainstormforce | 1 Schema | 2024-11-01 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | ||||
CVE-2023-32964 | 1 Madewithfuel | 1 Better Notifications For Wp | 2024-11-01 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions. | ||||
CVE-2023-33315 | 1 Wandlesoftware | 1 Smart App Banner | 2024-11-01 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions. | ||||
CVE-2022-45372 | 1 Codeixer | 1 Product Gallery Slider For Woocommerce | 2024-11-01 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions. | ||||
CVE-2022-33974 | 1 Smashballoon | 1 Custom Twitter Feeds | 2024-11-01 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions. | ||||
CVE-2022-36345 | 1 Metagauss | 1 Download Plugin | 2024-11-01 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions. | ||||
CVE-2023-33926 | 1 Supsystic | 1 Easy Google Maps | 2024-11-01 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions. | ||||
CVE-2023-33313 | 1 Themeinprogress | 1 Wip Custom Login | 2024-11-01 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions. | ||||
CVE-2023-33316 | 1 Woocommerce | 1 Automatewoo | 2024-11-01 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | ||||
CVE-2023-33931 | 1 Getbutterfly | 1 Youtube Playlist Player | 2024-11-01 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions. |