Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9633 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34448 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-26 | 8.8 High |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. | ||||
| CVE-2024-38276 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-03-26 | 8.8 High |
| Incorrect CSRF token checks resulted in multiple CSRF risks. | ||||
| CVE-2024-37118 | 1 Uncannyowl | 1 Uncanny Automator | 2025-03-26 | 5.4 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3. | ||||
| CVE-2025-1530 | 1 Tripetto | 1 Tripetto | 2025-03-25 | 4.3 Medium |
| The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-42584 | 1 Siamonhasan | 1 Warehouse Inventory System | 2025-03-25 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2022-45191 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2025-03-25 | 6.5 Medium |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. | ||||
| CVE-2024-45987 | 1 Online Voting System Project | 1 Online Voting System | 2025-03-25 | 6.5 Medium |
| Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process. | ||||
| CVE-2024-34008 | 1 Moodle | 1 Moodle | 2025-03-25 | 3.5 Low |
| Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2024-26349 | 1 Flusity | 1 Flusity | 2025-03-25 | 4.3 Medium |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php | ||||
| CVE-2024-26351 | 1 Flusity | 1 Flusity | 2025-03-25 | 6.1 Medium |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php | ||||
| CVE-2024-26352 | 1 Flusity | 1 Flusity | 2025-03-25 | 8.8 High |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php | ||||
| CVE-2024-26445 | 1 Flusity | 1 Flusity | 2025-03-25 | 6.1 Medium |
| flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php | ||||
| CVE-2025-26935 | 1 Wpjobportal | 1 Wp Job Portal | 2025-03-25 | 7.5 High |
| Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8. | ||||
| CVE-2024-45372 | 1 Planex | 2 Mzk-dp300n, Mzk-dp300n Firmware | 2025-03-25 | 6.5 Medium |
| MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc. | ||||
| CVE-2023-0735 | 1 Wallabag | 1 Wallabag | 2025-03-25 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | ||||
| CVE-2024-3474 | 1 Wow-company | 1 Wow Skype Buttons | 2025-03-25 | 8.8 High |
| The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | ||||
| CVE-2024-13217 | 1 Jegtheme | 1 Jeg Elementor Kit | 2025-03-25 | 4.3 Medium |
| The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data. | ||||
| CVE-2025-26816 | 2025-03-25 | 6.5 Medium | ||
| A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a different user context. | ||||
| CVE-2025-0807 | 2025-03-24 | 4.3 Medium | ||
| The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the cits_settings_tab() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-24387 | 1 Otrs | 1 Otrs | 2025-03-24 | 4.8 Medium |
| A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x | ||||