Export limit exceeded: 13942 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9140 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35561 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-09 | 5.4 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close. | ||||
| CVE-2022-4849 | 1 Usememos | 1 Memos | 2025-04-09 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4867 | 1 Froxlor | 1 Froxlor | 2025-04-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | ||||
| CVE-2022-4844 | 1 Usememos | 1 Memos | 2025-04-09 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4103 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-04-09 | 4.3 Medium |
| The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title | ||||
| CVE-2024-44677 | 1 Eladmin | 1 Eladmin | 2025-04-08 | 9.8 Critical |
| eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | ||||
| CVE-2023-7203 | 1 Rednao | 1 Smart Forms | 2025-04-08 | 6.1 Medium |
| The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries. | ||||
| CVE-2024-1306 | 1 Rednao | 1 Smart Forms | 2025-04-08 | 5.4 Medium |
| The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. | ||||
| CVE-2022-46368 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | ||||
| CVE-2022-46367 | 1 Maxum | 1 Rumpus | 2025-04-08 | 6.8 Medium |
| Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | ||||
| CVE-2024-27474 | 1 Leantime | 1 Leantime | 2025-04-08 | 8.8 High |
| Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators. | ||||
| CVE-2024-22721 | 1 Formtools | 1 Form Tools | 2025-04-08 | 6.3 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link. | ||||
| CVE-2024-25572 | 2 Ninjaforms, Saturday Drive | 2 Ninja Forms, Ninja Forms | 2025-04-08 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. | ||||
| CVE-2023-22852 | 1 Tiki | 1 Tiki | 2025-04-07 | 6.5 Medium |
| Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | ||||
| CVE-2022-43719 | 1 Apache | 1 Superset | 2025-04-07 | 8.8 High |
| Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
| CVE-2024-39090 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-04-05 | 6.1 Medium |
| The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover. | ||||
| CVE-2022-47373 | 1 Pandorafms | 1 Pandora Fms | 2025-04-04 | 6.4 Medium |
| Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload. | ||||
| CVE-2023-22286 | 1 Ate-mahoroba | 6 Maho-pbx Netdevancer, Maho-pbx Netdevancer Firmware, Maho-pbx Netdevancer Mobilegate and 3 more | 2025-04-04 | 8.1 High |
| Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in. | ||||
| CVE-2023-45904 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. | ||||
| CVE-2023-45907 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. | ||||