Total: 7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-49221 | 1 Julianweinert | 1 Cslider | 2024-11-06 | N/A | 6.1 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS. This issue affects cSlider: from n/a through 2.4.2. |
| CVE-2024-49220 | 1 Cookie-scanner | 1 Cookie Scanner | 2024-11-06 | N/A | 6.1 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS. This issue affects Cookie Scanner: from n/a through 1.1. |
| CVE-2024-49229 | 1 Arifnezami | 1 Better Author Bio | 2024-11-06 | N/A | 6.1 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS). This issue affects Better Author Bio: from n/a through 2.7.10.11. |
| CVE-2024-49237 | 1 Ahmetimamoglu | 1 Ahmeti Wp Timeline | 2024-11-06 | N/A | 6.1 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS. This issue affects Ahmeti Wp Timeline: from n/a through 5.1. |
| CVE-2024-31998 | 1 Combodo | 1 Itop | 2024-11-06 | N/A | 8.8 HIGH | Combodo iTop is a simple, web-based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2024-10605 | 1 Fabianros | 1 Blood Bank Management System | 2024-11-05 | N/A | 6.5 MEDIUM | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /file/request.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-6959 | 1 Lollms | 1 Lollms Web Ui | 2024-11-03 | N/A | 7.1 HIGH | A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DoS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime. |
| CVE-2024-10557 | 1 Fabianros | 1 Blood Bank Management System | 2024-11-01 | N/A | 6.5 MEDIUM | A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-6673 | 1 Lollms | 1 Lollms Web Ui | 2024-11-01 | N/A | 6.5 MEDIUM | A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash. |
| CVE-2024-10448 | 1 Fabianros | 1 Blood Bank Management System | 2024-11-01 | N/A | 6.5 MEDIUM | A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. |
| CVE-2024-10040 | 1 Infinite-scroll | 1 Infinite-scroll | 2024-11-01 | N/A | 4.3 MEDIUM | The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete functions. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2024-43684 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-11-01 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross-Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0. |
| CVE-2023-6243 | 1 Myeventon | 1 Eventon-lite | 2024-11-01 | N/A | 4.3 MEDIUM | The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
| CVE-2024-43933 | | | 2024-11-01 | N/A | N/A | Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows Stored XSS. This issue affects WPMobile.App: from n/a through 11.48. |
| CVE-2024-49674 | | | 2024-11-01 | N/A | N/A | Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tournament Manager allows Upload a Web Shell to a Web Server. This issue affects EKC Tournament Manager: from n/a through 2.2.1. |
| CVE-2024-20421 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | N/A | 6.5 MEDIUM | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. |
| CVE-2023-25708 | 1 Rextheme | 1 Wp Vr | 2024-10-31 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions. |
| CVE-2023-52123 | 1 Wpchill | 1 Strong Testimonials | 2024-10-29 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10. |
| CVE-2024-6720 | 1 Dmytropopov | 1 Light Poll | 2024-10-28 | N/A | 8.8 HIGH | The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. |
| CVE-2019-15660 | 1 Butlerblog | 1 Wp-members | 2024-10-28 | 6.8 MEDIUM | 8.8 HIGH | The wp-members plugin before 3.2.8 for WordPress has CSRF. |