Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50766 | 1 Jenkins | 1 Nexus Platform | 2024-10-08 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | |||||
| CVE-2023-47578 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-10-08 | N/A | 8.8 HIGH |
| Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface. | |||||
| CVE-2024-47635 | 2024-10-07 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG.This issue affects TinyPNG: from n/a through 3.4.3. | |||||
| CVE-2024-47644 | 2024-10-07 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Copyscape / Indigo Stream Technologies Copyscape Premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through 1.3.6. | |||||
| CVE-2024-44028 | 2024-10-07 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS.This issue affects NiceJob: from n/a before 3.6.5. | |||||
| CVE-2024-7689 | 1 Snapshot Backup Project | 1 Snapshot Backup | 2024-10-07 | N/A | 4.3 MEDIUM |
| The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2024-7687 | 1 Azindex Project | 1 Azindex | 2024-10-07 | N/A | 4.3 MEDIUM |
| The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
| CVE-2024-7688 | 1 Azindex Project | 1 Azindex | 2024-10-07 | N/A | 6.5 MEDIUM |
| The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack | |||||
| CVE-2024-7892 | 1 Vladyslavbondarenko | 1 Adstxt | 2024-10-07 | N/A | 4.3 MEDIUM |
| The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-7690 | 1 Digireturn | 1 Dn Popup | 2024-10-07 | N/A | 4.3 MEDIUM |
| The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2024-28948 | 1 Advantech | 2 Adam-5630, Adam-5630 Firmware | 2024-10-04 | N/A | 8.8 HIGH |
| Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other. | |||||
| CVE-2024-8458 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 8.8 HIGH |
| Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malicious website, allowing the attacker to impersonate the user and perform actions on their behalf, such as creating accounts. | |||||
| CVE-2024-41987 | 2024-10-04 | N/A | N/A | ||
| The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | |||||
| CVE-2023-27632 | 1 Mmrs151 | 1 Daily Prayer Time | 2024-10-04 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions. | |||||
| CVE-2024-20414 | 1 Cisco | 2 Ios, Ios Xe | 2024-10-02 | N/A | 6.5 MEDIUM |
| A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device. | |||||
| CVE-2024-8476 | 1 Wpplugin | 1 Easy Paypal Events | 2024-10-02 | N/A | 4.3 MEDIUM |
| The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-47305 | 1 Dineshkarki | 1 Use Any Font | 2024-10-02 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08. | |||||
| CVE-2024-47082 | 1 Strawberryrocks | 1 Strawberry | 2024-10-01 | N/A | 8.0 HIGH |
| Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable CSRF preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django's built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In affect, all Strawberry integrations were vulnerable to CSRF attacks by default. Version `v0.243.0` is the first `strawberry-graphql` including a patch. | |||||
| CVE-2024-47315 | 1 Givewp | 1 Givewp | 2024-09-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1. | |||||
| CVE-2024-3083 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-09-30 | N/A | 8.3 HIGH |
| A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page. | |||||