Export limit exceeded: 12031 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18029 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9969 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5616 | 1 Mudler | 1 Localai | 2025-07-15 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality. | ||||
| CVE-2025-50370 | 2 Anujk305, Phpgurukul | 2 Medical Card Generation System, Medical Card Generation System | 2025-07-13 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request. | ||||
| CVE-2025-53540 | 1 Espressif | 1 Arduino-esp32 | 2025-07-13 | N/A |
| arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1. | ||||
| CVE-2024-13953 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-07-13 | 4.9 Medium |
| Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-6662 | 1 Jan Syski | 1 Megabip | 2025-07-13 | N/A |
| Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which would send POST request to this endpoint. If the victim is a logged in administrator, this could lead to creation of new accounts and granting of administrative permissions. | ||||
| CVE-2024-4600 | 1 Socomec | 1 Net Vision | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file. | ||||
| CVE-2023-50738 | 1 Lexmark | 1 Printer Firmware | 2025-07-12 | 4.3 Medium |
| A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. | ||||
| CVE-2024-38344 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site. | ||||
| CVE-2024-41987 | 1 Tem | 1 Opera Plus Fm Family Transmitter | 2025-07-12 | N/A |
| The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | ||||
| CVE-2024-4751 | 1 Goprayer | 1 Prayer | 2025-07-11 | 4.3 Medium |
| The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2025-36576 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 2.7 Low |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. | ||||
| CVE-2025-20195 | 1 Cisco | 1 Ios Xe | 2025-07-11 | 4.3 Medium |
| A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to clear the syslog, parser, and licensing logs on the affected device if the targeted user has privileges to clear those logs. | ||||
| CVE-2025-48921 | 1 Getopensocial | 1 Open Social | 2025-07-09 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13. | ||||
| CVE-2025-7133 | 1 Codeastro | 1 Online Movie Ticket Booking System | 2025-07-09 | 4.3 Medium |
| A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41597 | 1 Processwire | 1 Processwire | 2025-07-09 | 4.2 Medium |
| Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. | ||||
| CVE-2025-25772 | 1 Ujcms | 1 Jspxcms | 2025-07-09 | 5.1 Medium |
| A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request. | ||||
| CVE-2025-47204 | 1 Davidstutz | 1 Bootstrap Multiselect | 2025-07-09 | 6.1 Medium |
| An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF). | ||||
| CVE-2025-0669 | 1 Universityofcalifornia | 1 Boinc Server | 2025-07-08 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3. | ||||
| CVE-2024-49054 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-49025 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | 5.4 Medium |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||