Total: 5841 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-33829 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | |||||
CVE-2024-30946 | | | 2024-07-03 | N/A | 5.5 MEDIUM |
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php. | |||||
CVE-2024-29499 | | | 2024-07-03 | N/A | 7.4 HIGH |
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. | |||||
CVE-2024-24524 | 1 Flusity | 1 Flusity | 2024-07-03 | N/A | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33 allows remote attackers to execute arbitrary code via the add_menu.php component. | |||||
CVE-2024-23597 | | | 2024-07-03 | N/A | 4.3 MEDIUM |
Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TvRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable; therefore, users should consider stopping use of TvRock 0.9t8a. | |||||
CVE-2021-45785 | 1 Trudesk Project | 1 Trudesk | 2024-07-03 | N/A | 6.5 MEDIUM |
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint; then the victim (who has sufficient privileges) would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage. | |||||
CVE-2024-31902 | | | 2024-07-01 | N/A | 4.3 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234. | |||||
CVE-2024-1889 | | | 2024-06-27 | N/A | 8.8 HIGH |
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device. | |||||
CVE-2024-5935 | | | 2024-06-27 | N/A | 5.4 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users. | |||||
CVE-2024-36669 | 1 Idccms Project | 1 Idccms | 2024-06-27 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add. | |||||
CVE-2024-36668 | 1 Idccms Project | 1 Idccms | 2024-06-27 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del. | |||||
CVE-2024-36667 | 1 Idccms Project | 1 Idccms | 2024-06-27 | N/A | 8.8 HIGH |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close. | |||||
CVE-2024-38276 | | | 2024-06-27 | N/A | N/A |
Incorrect CSRF token checks resulted in multiple CSRF risks. | |||||
CVE-2024-2911 | | | 2024-06-26 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257979. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2020-35722 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-06-26 | 4.3 MEDIUM | 6.5 MEDIUM |
CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-4839 | | | 2024-06-24 | N/A | 4.4 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent. | |||||
CVE-2024-35772 | 1 Presscustomizr | 1 Hueman | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman. This issue affects Hueman: from n/a through 3.7.24. | |||||
CVE-2024-35771 | 1 Presscustomizr | 1 Customizr | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr. This issue affects Customizr: from n/a through 4.4.21. | |||||
CVE-2024-35770 | 1 Davekiss | 1 Vimeography | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1. | |||||
CVE-2024-37230 | 1 Rarathemes | 1 Book Landing Page | 2024-06-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page. This issue affects Book Landing Page: from n/a through 1.2.3. |