Vulnerabilities (CVE)

Filtered by CWE-352
Total 8695 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16780 1 Mybb 1 Mybb 2025-04-20 7.5 HIGH 9.8 CRITICAL
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2016-7980 1 Spip 1 Spip 2025-04-20 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
CVE-2017-12584 1 Slims 1 Senayan Library Management System 2025-04-20 6.8 MEDIUM 8.8 HIGH
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation.
CVE-2017-8101 1 S9y 1 Serendipity 2025-04-20 6.8 MEDIUM 8.8 HIGH
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVE-2015-4089 1 Wpfastestcache 1 Wp Fastest Cache 2025-04-20 6.8 MEDIUM 8.8 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
CVE-2017-8848 1 Allen Disk Project 1 Allen Disk 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
CVE-2016-8350 1 Moxa 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more 2025-04-20 6.8 MEDIUM 6.3 MEDIUM
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY).
CVE-2017-1000092 1 Jenkins 1 Git 2025-04-20 2.6 LOW 7.5 HIGH
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.
CVE-2016-8018 1 Mcafee 1 Virusscan Enterprise 2025-04-20 6.0 MEDIUM 4.3 MEDIUM
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
CVE-2024-30617 1 Chamilo 1 Chamilo Lms 2025-04-18 N/A 5.4 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.
CVE-2024-3756 1 Mf Gig Calendar Project 1 Mf Gig Calendar 2025-04-18 N/A 7.5 HIGH
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged-in Contributors and above delete arbitrary events via a CSRF attack.
CVE-2024-51156 1 07fly 1 07flycms 2025-04-18 N/A 4.7 MEDIUM
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.
CVE-2024-51157 1 07fly 1 07flycms 2025-04-18 N/A 4.7 MEDIUM
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.
CVE-2025-21576 1 Oracle 1 Commerce Platform 2025-04-17 N/A 5.4 MEDIUM
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CVE-2025-39440 2025-04-17 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2.
CVE-2025-39424 2025-04-17 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98.
CVE-2025-32546 2025-04-17 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Reflected XSS. This issue affects All push notification for WP: from n/a through 1.5.3.
CVE-2025-39431 2025-04-17 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2.
CVE-2025-39414 2025-04-17 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3.
CVE-2025-39415 2025-04-17 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3.