Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-37212 | 1 Ali2woo | 1 Ali2woo | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite. This issue affects Ali2Woo Lite: from n/a through 3.3.5. | |||||
CVE-2024-37198 | 1 Blazethemes | 1 Digital Newspaper | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper. This issue affects Digital Newspaper: from n/a through 1.1.5. | |||||
CVE-2023-45857 | 1 Axios | 1 Axios | 2024-06-21 | N/A | 6.5 MEDIUM |
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. | |||||
CVE-2023-32123 | 1 Dream-theme | 1 The7 | 2024-06-21 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS. This issue affects The7: from n/a through 11.7.3. | |||||
CVE-2024-35673 | 1 Purechat | 1 Pure Chat | 2024-06-14 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat. This issue affects Pure Chat: from n/a through 2.22. | |||||
CVE-2023-47845 | | | 2024-06-13 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save. This issue affects Grab & Save: from n/a through 1.0.4. | |||||
CVE-2024-4328 | 1 Parisneo | 1 Lollms Web Ui | 2024-06-12 | N/A | 8.1 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user. | |||||
CVE-2024-2368 | 1 Wobbie | 1 Mollie Forms | 2024-06-11 | N/A | 4.3 MEDIUM |
The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-5786 | | | 2024-06-10 | N/A | N/A |
Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated. | |||||
CVE-2024-35657 | | | 2024-06-10 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall. This issue affects WP-Recall: from n/a through 16.26.6. | |||||
CVE-2023-4865 | 1 Take-note App Project | 1 Take-note App | 2024-06-05 | N/A | 8.8 HIGH |
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability. | |||||
CVE-2024-33679 | | | 2024-06-05 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer. This issue affects FameTheme Demo Importer: from n/a through 1.1.5. | |||||
CVE-2023-51416 | | | 2024-06-05 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple. This issue affects EnvíaloSimple: from n/a through 2.2. | |||||
CVE-2024-4172 | | | 2024-06-04 | N/A | N/A |
A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991. | |||||
CVE-2023-47667 | 1 Paymentsplugin | 1 Wp Full Stripe Free | 2024-06-03 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free. This issue affects WP Full Stripe Free: from n/a through 7.0.16. | |||||
CVE-2024-35636 | | | 2024-06-03 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare. This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11. | |||||
CVE-2024-35638 | | | 2024-06-03 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND. This issue affects ActiveDEMAND: from n/a through 0.2.43. | |||||
CVE-2024-35632 | | | 2024-06-03 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5. | |||||
CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2024-05-28 | 6.8 MEDIUM | 7.6 HIGH |
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when a Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and the HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI template files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim accesses one of the HTML files present in the malicious Power BI template uploaded. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitizes file uploads. | |||||
CVE-2023-44478 | | | 2024-05-17 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials. This issue affects Events Rich Snippets for Google: from n/a through 1.8. |