Total
6233 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1257 | 5 Apple, Cisco, Linux and 2 more | 5 Macos, Dna Center, Linux Kernel and 2 more | 2024-11-12 | 8.8 High |
| A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. | ||||
| CVE-2024-22140 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-12 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | ||||
| CVE-2022-29561 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-12 | 7.5 High |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. | ||||
| CVE-2024-11125 | 1 Get-simple | 1 Getsimplecms | 2024-11-12 | 4.3 Medium |
| A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-52002 | 2024-11-12 | N/A | ||
| Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-24007 | 1 Admin Block Country Project | 1 Admin Block Country | 2024-11-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions. | ||||
| CVE-2023-25038 | 1 984.ru | 1 For The Visually Impaired | 2024-11-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. | ||||
| CVE-2024-51630 | 2024-11-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1. | ||||
| CVE-2024-51647 | 2024-11-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25. | ||||
| CVE-2024-51489 | 2024-11-12 | N/A | ||
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-51485 | 2024-11-12 | N/A | ||
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-51484 | 2024-11-12 | N/A | ||
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-51487 | 2024-11-12 | N/A | ||
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-51488 | 2024-11-12 | N/A | ||
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-49617 | 1 Bhaskardhote | 1 Back Link Tracker | 2024-11-11 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0. | ||||
| CVE-2023-2286 | 1 Wpwhitesecurity | 1 Wp Activity Log | 2024-11-09 | 4.3 Medium |
| The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-1227 | 1 Cisco | 46 Mds 9148s, Mds 9250i, Mds 9706 and 43 more | 2024-11-08 | 8.1 High |
| A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default. | ||||
| CVE-2024-10922 | 2024-11-08 | 6.1 Medium | ||
| The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-11919 | 1 Svakom | 1 Svakom Siime Eye Firmware | 2024-11-08 | 8 High |
| An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection. | ||||
| CVE-2019-20460 | 1 Epson | 1 Xp-255 | 2024-11-08 | 8.8 High |
| An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user. | ||||