Total
7071 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51647 | 2024-11-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25. | ||||
| CVE-2024-51630 | 2024-11-12 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1. | ||||
| CVE-2024-49617 | 1 Bhaskardhote | 1 Back Link Tracker | 2024-11-11 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0. | ||||
| CVE-2019-20460 | 1 Epson | 1 Xp-255 | 2024-11-08 | 8.8 High |
| An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user. | ||||
| CVE-2024-50966 | 1 Dingfanzu | 1 Cms | 2024-11-08 | 9.3 Critical |
| dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin. | ||||
| CVE-2020-11919 | 1 Svakom | 1 Svakom Siime Eye Firmware | 2024-11-08 | 8 High |
| An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection. | ||||
| CVE-2024-49672 | 1 Google Docs Rsvp Project | 1 Google Docs Rsvp | 2024-11-08 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS.This issue affects Google Docs RSVP: from n/a through 2.0.1. | ||||
| CVE-2024-49340 | 1 Ibm | 1 Watson Studio Local | 2024-11-08 | 4.3 Medium |
| IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-46872 | 1 Mattermost | 1 Mattermost Server | 2024-11-08 | 4.6 Medium |
| Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks | ||||
| CVE-2024-48913 | 1 Hono | 1 Hono | 2024-11-07 | 5.9 Medium |
| Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue. | ||||
| CVE-2024-10711 | 1 Ithemelandco | 1 Woocommerce Report | 2024-11-07 | 8.8 High |
| The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-50466 | 1 Darkmysite | 1 Darkmysite | 2024-11-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. | ||||
| CVE-2024-9990 | 1 Odude | 2 Crypto, Crypto Tool | 2024-11-06 | 8.8 High |
| The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-49223 | 1 Shibulijack | 1 Cj Change Howdy | 2024-11-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1. | ||||
| CVE-2024-49221 | 1 Julianweinert | 1 Cslider | 2024-11-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2. | ||||
| CVE-2024-49220 | 1 Cookie-scanner | 1 Cookie Scanner | 2024-11-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1. | ||||
| CVE-2024-49229 | 1 Arifnezami | 1 Better Author Bio | 2024-11-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11. | ||||
| CVE-2024-49237 | 1 Ahmetimamoglu | 1 Ahmeti Wp Timeline | 2024-11-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1. | ||||
| CVE-2024-51381 | 1 Jatos | 1 Jatos | 2024-11-06 | 8.4 High |
| Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control. | ||||
| CVE-2024-51382 | 1 Jatos | 1 Jatos | 2024-11-06 | 8.4 High |
| Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system. | ||||