Total: 7225 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-36668 | 1 Idccms Project | 1 Idccms | 2024-08-19 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del | |||||
CVE-2024-7065 | 1 Denkgroot | 1 Spina | 2024-08-16 | N/A | 4.3 MEDIUM |
A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-27783 | 1 Fortinet | 1 Fortiaiops | 2024-08-16 | N/A | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests. | |||||
CVE-2024-7662 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | N/A | 6.5 MEDIUM |
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. This vulnerability affects the function save_package of the file admin/packages/manag_package.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7661 | 1 Oretnom23 | 1 Car Driving School Management System | 2024-08-15 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-42628 | 1 Frogcms Project | 1 Frogcms | 2024-08-15 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3. | |||||
CVE-2024-42624 | 1 Frogcms Project | 1 Frogcms | 2024-08-15 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10. | |||||
CVE-2024-40476 | 1 Mayurik | 1 Best House Rental Management | 2024-08-15 | N/A | 8.0 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant. | |||||
CVE-2024-36549 | 1 Idccms | 1 Idccms | 2024-08-14 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close | |||||
CVE-2023-43275 | 1 Dedecms | 1 Dedecms | 2024-08-14 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. | |||||
CVE-2024-42623 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1 | |||||
CVE-2024-42627 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. | |||||
CVE-2024-42631 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. | |||||
CVE-2024-42625 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add | |||||
CVE-2024-42629 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10. | |||||
CVE-2024-42626 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. | |||||
CVE-2024-42630 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. | |||||
CVE-2024-42632 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | N/A | 8.8 HIGH |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. | |||||
CVE-2023-38001 | 1 Ibm | 1 Aspera Orchestrator | 2024-08-13 | N/A | 6.5 MEDIUM |
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206. | |||||
CVE-2024-7226 | 1 Oretnom23 | 1 Medicine Tracker System | 2024-08-13 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save_user of the component Password Change Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272806 is the identifier assigned to this vulnerability. | |||||