Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51688 | 2024-11-15 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1. | |||||
| CVE-2024-47914 | 2024-11-15 | N/A | N/A | ||
| VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF) | |||||
| CVE-2024-51658 | 2024-11-15 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager allows Stored XSS.This issue affects WP Course Manager: from n/a through 1.3. | |||||
| CVE-2024-51687 | 2024-11-15 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly Platform.Ly Official allows Stored XSS.This issue affects Platform.Ly Official: from n/a through 1.1.3. | |||||
| CVE-2024-51684 | 2024-11-15 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO allows Stored XSS.This issue affects W3P SEO: from n/a before 1.8.6. | |||||
| CVE-2024-51659 | 2024-11-15 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus allows Stored XSS.This issue affects Twitter @Anywhere Plus: from n/a through 2.0. | |||||
| CVE-2024-51484 | 1 Ampache | 1 Ampache | 2024-11-14 | N/A | 8.1 HIGH |
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-51489 | 1 Ampache | 1 Ampache | 2024-11-14 | N/A | 5.4 MEDIUM |
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-51488 | 1 Ampache | 1 Ampache | 2024-11-14 | N/A | 5.4 MEDIUM |
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-51485 | 1 Ampache | 1 Ampache | 2024-11-14 | N/A | 8.1 HIGH |
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-51487 | 1 Ampache | 1 Ampache | 2024-11-14 | N/A | 8.1 HIGH |
| Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-51630 | 2024-11-12 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1. | |||||
| CVE-2024-51647 | 2024-11-12 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25. | |||||
| CVE-2024-24777 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2024-11-08 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability. | |||||
| CVE-2024-49340 | 1 Ibm | 1 Watson Studio Local | 2024-11-08 | N/A | 8.8 HIGH |
| IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-46872 | 1 Mattermost | 1 Mattermost Server | 2024-11-08 | N/A | 4.6 MEDIUM |
| Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks | |||||
| CVE-2024-10711 | 1 Ithemelandco | 1 Woocommerce Report | 2024-11-07 | N/A | 8.8 HIGH |
| The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-50466 | 1 Darkmysite | 1 Darkmysite | 2024-11-06 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. | |||||
| CVE-2024-9990 | 1 Odude | 1 Crypto Tool | 2024-11-06 | N/A | 8.8 HIGH |
| The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-49223 | 1 Shibulijack | 1 Cj Change Howdy | 2024-11-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1. | |||||