Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35773 | 2024-07-12 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS).This issue affects Comment Reply Email: from n/a through 1.3. | |||||
| CVE-2024-37939 | 2024-07-12 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite.This issue affects Patricia Lite: from n/a through 1.2.3. | |||||
| CVE-2024-40331 | 2024-07-12 | N/A | 8.8 HIGH | ||
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup | |||||
| CVE-2024-40329 | 2024-07-12 | N/A | 8.8 HIGH | ||
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup | |||||
| CVE-2024-3798 | 2024-07-12 | N/A | N/A | ||
| Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery. This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. Phoniebox in version 3.0 and higher are not affected. | |||||
| CVE-2024-32085 | 2024-07-12 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0. | |||||
| CVE-2024-5712 | 2024-07-12 | N/A | 8.1 HIGH | ||
| A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings, without any CSRF protection implemented. Successful exploitation disrupts the integrity and availability of the application and its data. | |||||
| CVE-2023-47677 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2024-07-11 | N/A | 8.8 HIGH |
| A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-45651 | 1 Marcomilesi | 1 Wp Attachments | 2024-07-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11. | |||||
| CVE-2023-27433 | 1 Yasglobal | 1 Make Paths Relative | 2024-07-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0. | |||||
| CVE-2024-40328 | 2024-07-11 | N/A | 6.3 MEDIUM | ||
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6 | |||||
| CVE-2024-40038 | 2024-07-11 | N/A | 5.3 MEDIUM | ||
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev | |||||
| CVE-2024-40035 | 2024-07-11 | N/A | 5.9 MEDIUM | ||
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. | |||||
| CVE-2024-39119 | 2024-07-11 | N/A | 5.4 MEDIUM | ||
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close. | |||||
| CVE-2024-23736 | 2024-07-11 | N/A | 8.8 HIGH | ||
| Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | |||||
| CVE-2024-6649 | 2024-07-11 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability. | |||||
| CVE-2024-28828 | 2024-07-11 | N/A | 8.8 HIGH | ||
| Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. | |||||
| CVE-2024-40601 | 1 Mediawiki | 1 Mediawiki | 2024-07-09 | N/A | 6.5 MEDIUM |
| An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules. | |||||
| CVE-2024-37923 | 2024-07-09 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Cliengo – Chatbot.This issue affects Cliengo – Chatbot: from n/a through 3.0.1. | |||||
| CVE-2024-27783 | 2024-07-09 | N/A | 7.6 HIGH | ||
| Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests. | |||||