Total
5841 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-3472 | | | 2024-07-03 | N/A | 5.9 MEDIUM |
The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack | | | | | |
CVE-2024-3407 | | | 2024-07-03 | N/A | 5.3 MEDIUM |
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | | | | | |
CVE-2024-39157 | | | 2024-07-03 | N/A | 3.8 LOW |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. | | | | | |
CVE-2024-39156 | | | 2024-07-03 | N/A | 3.8 LOW |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. | | | | | |
CVE-2024-39153 | | | 2024-07-03 | N/A | 4.7 MEDIUM |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN. | | | | | |
CVE-2024-36076 | | | 2024-07-03 | N/A | 8.8 HIGH |
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session. | | | | | |
CVE-2024-35560 | | | 2024-07-03 | N/A | N/A |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN. | | | | | |
CVE-2024-35559 | | | 2024-07-03 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close. | | | | | |
CVE-2024-35557 | | | 2024-07-03 | N/A | 5.5 MEDIUM |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close. | | | | | |
CVE-2024-35555 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40. | | | | | |
CVE-2024-35554 | | | 2024-07-03 | N/A | N/A |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN. | | | | | |
CVE-2024-35551 | | | 2024-07-03 | N/A | N/A |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add. | | | | | |
CVE-2024-35475 | | | 2024-07-03 | N/A | 6.4 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands. | | | | | |
CVE-2024-35109 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close. | | | | | |
CVE-2024-35108 | | | 2024-07-03 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN. | | | | | |
CVE-2024-35039 | | | 2024-07-03 | N/A | N/A |
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. | | | | | |
CVE-2024-35012 | | | 2024-07-03 | N/A | 6.3 MEDIUM |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. | | | | | |
CVE-2024-34958 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add. | | | | | |
CVE-2024-34001 | | | 2024-07-03 | N/A | 8.4 HIGH |
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. | | | | | |
CVE-2024-33830 | | | 2024-07-03 | N/A | 8.1 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | | | | | |