Search Results (10028 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4475 | 1 Onetarek | 1 Wp Logs Book | 2024-11-21 | 4.3 Medium |
| The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs via a CSRF attack | ||||
| CVE-2024-4474 | 1 Onetarek | 1 Wp Logs Book | 2024-11-21 | 4.3 Medium |
| The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-4328 | 1 Parisneo | 1 Lollms Web Ui | 2024-11-21 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user. | ||||
| CVE-2024-45693 | 1 Apache | 1 Cloudstack | 2024-11-21 | 8 High |
| Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. | ||||
| CVE-2024-41305 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 7.1 High |
| A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | ||||
| CVE-2024-40601 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.3 Medium |
| An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules. | ||||
| CVE-2024-40334 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3 | ||||
| CVE-2024-40332 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2024-11-21 | 6.8 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord | ||||
| CVE-2024-40037 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del | ||||
| CVE-2024-40034 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del | ||||
| CVE-2024-3972 | 1 Davidjmiller | 1 Similarity | 2024-11-21 | 4.3 Medium |
| The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-39171 | 1 Phpvibe | 1 Phpvibe | 2024-11-21 | 8.8 High |
| Directory Traversal in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. | ||||
| CVE-2024-38457 | 1 Xenforo | 1 Xenforo | 2024-11-21 | 8.8 High |
| Xenforo before 2.2.16 allows CSRF. | ||||
| CVE-2024-37533 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 2.4 Low |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | ||||
| CVE-2024-37230 | 1 Rarathemes | 1 Book Landing Page | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page. This issue affects Book Landing Page: from n/a through 1.2.3. | ||||
| CVE-2024-35772 | 1 Presscustomizr | 1 Hueman | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman. This issue affects Hueman: from n/a through 3.7.24. | ||||
| CVE-2024-35771 | 1 Presscustomizr | 1 Customizr | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr. This issue affects Customizr: from n/a through 4.4.21. | ||||
| CVE-2024-35770 | 1 Davekiss | 1 Vimeography | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1. | ||||
| CVE-2024-35689 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Analytify. This issue affects Analytify: from n/a through 5.2.3. | ||||
| CVE-2024-35673 | 2 Pure Chat By Ruby, Purechat | 2 Pure Chat, Pure Chat | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby Pure Chat. This issue affects Pure Chat: from n/a through 2.22. | ||||