Total
9103 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26524 | 1 Expresstech | 1 Quiz And Survey Master | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions. | ||||
| CVE-2023-47230 | 1 Cimatti | 1 Wordpress Contact Forms | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. | ||||
| CVE-2023-33409 | 1 Minical | 1 Minical | 2025-01-08 | 6.5 Medium |
| Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. | ||||
| CVE-2024-24701 | 1 Tiny | 1 Setka Workflow | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20. | ||||
| CVE-2024-23519 | 1 Mandsconsulting | 1 Email Before Download | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7. | ||||
| CVE-2024-21749 | 1 Atakanau | 1 Click Disable All | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.This issue affects 1 click disable all: from n/a through 1.0.1. | ||||
| CVE-2024-52002 | 1 Combodo | 1 Itop | 2025-01-07 | 8.8 High |
| Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-31200 | 1 Ptc | 1 Vuforia Studio | 2025-01-06 | 5.7 Medium |
| PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. | ||||
| CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2025-01-06 | 8.1 High |
| Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | ||||
| CVE-2024-9665 | 1 Zimbra | 1 Zimbra | 2025-01-03 | 6.5 Medium |
| Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql endpoint. The issue results from the lack of proper protections against cross-site request forgery (CSRF) attacks. An attacker can leverage this vulnerability to disclose information in the context of the target email account. Was ZDI-CAN-23939. | ||||
| CVE-2023-35141 | 1 Jenkins | 1 Jenkins | 2025-01-02 | 8 High |
| In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. | ||||
| CVE-2023-35148 | 1 Jenkins | 1 Digital.ai App Management Publisher | 2024-12-31 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | ||||
| CVE-2024-9689 | 1 Shaon | 1 Post From Frontend | 2024-12-20 | 4.1 Medium |
| The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack | ||||
| CVE-2023-47635 | 1 Decidim | 1 Decidim | 2024-12-16 | 4.5 Medium |
| Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the session cookie in order to see this resource. This URL does not allow modifying the resource but it may allow attackers to gain access to information which was not meant to be public. The issue is fixed in version 0.27.5 and 0.28.0. As a workaround, disable the templates functionality or remove all available templates. | ||||
| CVE-2023-48651 | 1 Concretecms | 1 Concrete Cms | 2024-12-16 | 4.3 Medium |
| Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit. | ||||
| CVE-2023-48653 | 1 Concretecms | 1 Concrete Cms | 2024-12-16 | 4.3 Medium |
| Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential. | ||||
| CVE-2023-7045 | 1 Gitlab | 1 Gitlab | 2024-12-16 | 5.4 Medium |
| A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS). | ||||
| CVE-2024-4597 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 5.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF. | ||||
| CVE-2023-30759 | 1 Ricoh | 1 Printer Driver Packager Nx | 2024-12-12 | 8.4 High |
| The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege. | ||||
| CVE-2024-12349 | 2 Jfinalcms Project, Jwillber | 2 Jfinalcms, Jfinalcms | 2024-12-11 | 4.3 Medium |
| A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||