Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10028 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2023-34378 1 Scriptburn 1 Wp Hide Post 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions.
CVE-2023-34373 1 Zephyr Project Manager Project 1 Zephyr Project Manager 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
CVE-2023-34085 1 Pingidentity 1 Pingfederate 2024-11-21 2.6 Low
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request
CVE-2023-34028 1 Pluginus 1 Wolf - Wordpress Posts Bulk Editor And Manager Professional 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions.
CVE-2023-34015 1 Piwebsolution 1 Advanced-free-flat-shipping-woocommerce 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions.
CVE-2023-34005 1 Etoilewebdesign 1 Front End Users 2024-11-21 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.
CVE-2023-33931 1 Getbutterfly 1 Youtube Playlist Player 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions.
CVE-2023-33926 1 Supsystic 1 Easy Google Maps 2024-11-21 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions.
CVE-2023-33668 1 Digiexam 1 Digiexam 2024-11-21 9.8 Critical
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.
CVE-2023-33534 2 Guanzhou Tozed Kangwei Intelligent Technology, Sztozed 3 Zlts10g, Zlt S10g, Zlt S10g Firmware 2024-11-21 8.8 High
A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.
CVE-2023-33316 1 Woocommerce 1 Automatewoo 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
CVE-2023-33315 1 Wandlesoftware 1 Smart App Banner 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions.
CVE-2023-33313 1 Themeinprogress 1 Wip Custom Login 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions.
CVE-2023-33212 1 Crocoblock 1 Jetformbuilder 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions.
CVE-2023-32964 1 Madewithfuel 1 Better Notifications For Wp 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions.
CVE-2023-32960 1 Updraftplus 1 Updraftplus 2024-11-21 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).
CVE-2023-32792 1 Nxlog 1 Nxlog Manager 2024-11-21 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.
CVE-2023-32791 1 Nxlog 1 Nxlog Manager 2024-11-21 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests.
CVE-2023-32761 1 Archerirm 1 Archer 2024-11-21 8.1 High
Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.
CVE-2023-32588 1 Brandbrilliance 1 Post State Tags 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions.