Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10028 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10028 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48063 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 4.3 Medium |
| An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. | ||||
| CVE-2023-48017 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. | ||||
| CVE-2023-48058 | 2 Dreamer Cms Project, Iteachyou | 2 Dreamer Cms, Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run | ||||
| CVE-2023-45906 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. | ||||
| CVE-2023-45901 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add. | ||||
| CVE-2023-45905 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. | ||||
| CVE-2023-45902 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. | ||||
| CVE-2023-45904 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. | ||||
| CVE-2023-45903 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. | ||||
| CVE-2023-45907 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. | ||||
| CVE-2022-3693 | 1 Fileorbis | 1 Fileorbis | 2025-04-04 | 7.5 High |
| Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal.This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | ||||
| CVE-2024-8736 | 1 Lollms | 1 Lollms Web Ui | 2025-04-04 | 6.5 Medium |
| A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints. | ||||
| CVE-2023-0398 | 1 Modoboa | 1 Modoboa | 2025-04-03 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2023-0406 | 1 Modoboa | 1 Modoboa | 2025-04-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2023-0438 | 1 Modoboa | 1 Modoboa | 2025-04-03 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2024-12955 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-04-03 | 4.3 Medium |
| A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25873 | 1 Openpanel | 1 Openadmin | 2025-04-03 | 5.5 Medium |
| Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function | ||||
| CVE-2024-11700 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 8.1 High |
| Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2024-11693 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-03 | 9.8 Critical |
| The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | ||||
| CVE-2022-37719 | 1 Edgenexus | 1 Application Delivery Controller | 2025-04-02 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | ||||