Total
9108 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47131 | 1 Creativeitem | 1 Academy Lms | 2025-03-26 | 4.8 Medium |
| A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | ||||
| CVE-2022-47130 | 1 Creativeitem | 1 Academy Lms | 2025-03-26 | 4.3 Medium |
| A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | ||||
| CVE-2024-42616 | 1 Pligg | 1 Pligg Cms | 2025-03-26 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics | ||||
| CVE-2022-34448 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-26 | 8.8 High |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. | ||||
| CVE-2024-38276 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-03-26 | 8.8 High |
| Incorrect CSRF token checks resulted in multiple CSRF risks. | ||||
| CVE-2024-37118 | 1 Uncannyowl | 1 Uncanny Automator | 2025-03-26 | 5.4 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3. | ||||
| CVE-2024-42584 | 1 Siamonhasan | 1 Warehouse Inventory System | 2025-03-25 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-45987 | 1 Online Voting System Project | 1 Online Voting System | 2025-03-25 | 6.5 Medium |
| Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process. | ||||
| CVE-2024-34008 | 1 Moodle | 1 Moodle | 2025-03-25 | 3.5 Low |
| Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2024-26349 | 1 Flusity | 1 Flusity | 2025-03-25 | 4.3 Medium |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php | ||||
| CVE-2024-26351 | 1 Flusity | 1 Flusity | 2025-03-25 | 6.1 Medium |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php | ||||
| CVE-2024-26352 | 1 Flusity | 1 Flusity | 2025-03-25 | 8.8 High |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php | ||||
| CVE-2024-26445 | 1 Flusity | 1 Flusity | 2025-03-25 | 6.1 Medium |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php | ||||
| CVE-2024-45372 | 1 Planex | 2 Mzk-dp300n, Mzk-dp300n Firmware | 2025-03-25 | 6.5 Medium |
| MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc. | ||||
| CVE-2023-0735 | 1 Wallabag | 1 Wallabag | 2025-03-25 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | ||||
| CVE-2024-3474 | 1 Wow-company | 1 Wow Skype Buttons | 2025-03-25 | 8.8 High |
| The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | ||||
| CVE-2025-24387 | 1 Otrs | 1 Otrs | 2025-03-24 | 4.8 Medium |
| A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x | ||||
| CVE-2024-2316 | 1 Bdtask | 1 Hospital Automanager | 2025-03-24 | 4.3 Medium |
| A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This vulnerability affects unknown code of the file /billing/bill/edit/ of the component Update Bill Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-4138 | 1 Gitlab | 1 Gitlab | 2025-03-21 | 6.4 Medium |
| A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. | ||||
| CVE-2022-34347 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.2 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | ||||