Total
9108 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34347 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.2 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | ||||
| CVE-2015-10130 | 1 I13websolution | 2 Continuous Image Carosel With Lightbox, Team Circle Image Slider With Lightbox | 2025-03-21 | 5.3 Medium |
| The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-22375 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2025-03-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer. | ||||
| CVE-2022-29557 | 1 Relx | 1 Firco Compliance Link | 2025-03-20 | 8.8 High |
| LexisNexis Firco Compliance Link 3.7 allows CSRF. | ||||
| CVE-2021-33396 | 1 Baijiacms Project | 1 Baijiacms | 2025-03-20 | 6.5 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php. | ||||
| CVE-2023-22689 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-03-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | ||||
| CVE-2023-47652 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-03-20 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4. | ||||
| CVE-2023-25973 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-03-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions. | ||||
| CVE-2024-6244 | 2 Projectzealous, Wordpress Plugin | 2 Pz Frontend Manager, Pz Frontend Manager | 2025-03-19 | 8.8 High |
| The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-30454 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2. | ||||
| CVE-2024-32712 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 7.5 High |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. | ||||
| CVE-2023-25480 | 1 Boldgrid | 1 Post And Page Builder | 2025-03-19 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions. | ||||
| CVE-2023-25767 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | ||||
| CVE-2024-43984 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13. | ||||
| CVE-2023-23847 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-19 | 3.5 Low |
| A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-23465 | 1 Mediacp | 1 Media Control Panel | 2025-03-19 | 9.1 Critical |
| Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint. | ||||
| CVE-2022-47372 | 1 Pandorafms | 1 Pandora Fms | 2025-03-18 | 7.6 High |
| Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. | ||||
| CVE-2024-23737 | 1 Savignano | 1 S-notify | 2025-03-18 | 5.4 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | ||||
| CVE-2024-40603 | 1 Mediawiki | 1 Mediawiki | 2025-03-17 | 4.3 Medium |
| An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request. | ||||
| CVE-2025-21538 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | 6.1 Medium |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||