Total: 8695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35009 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.8 HIGH |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6. | |||||
| CVE-2024-33830 | 1 Idccms | 1 Idccms | 2025-04-15 | N/A | 8.1 HIGH |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | |||||
| CVE-2022-46491 | 1 Nbnbk Project | 1 Nbnbk | 2025-04-15 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts. | |||||
| CVE-2022-2846 | 1 Dwbooster | 1 Calendar Event Multi View | 2025-04-15 | N/A | 4.3 MEDIUM |
| The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. | |||||
| CVE-2022-46853 | 1 Radiustheme | 1 The Post Grid | 2025-04-15 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions. | |||||
| CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2025-04-14 | N/A | 4.3 MEDIUM |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them. | |||||
| CVE-2024-54357 | 1 Theme-fusion | 1 Avada | 2025-04-14 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.10. | |||||
| CVE-2020-28191 | 1 Togglz | 1 Togglz | 2025-04-14 | N/A | 8.8 HIGH |
| The console in Togglz before 2.9.4 allows CSRF. | |||||
| CVE-2024-2429 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-14 | N/A | 4.3 MEDIUM |
| The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
| CVE-2025-31859 | | | 2025-04-14 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6. | |||||
| CVE-2014-0213 | 1 Moodle | 1 Moodle | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests. | |||||
| CVE-2014-2115 | 1 Cisco | 1 Emergency Responder | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. | |||||
| CVE-2015-5508 | 1 The Extensible Catalog Drupal Toolkit Project | 1 The Extensible Catalog Drupal Toolkit | 2025-04-12 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request. | |||||
| CVE-2014-9099 | 1 Whydowork Adsense Project | 1 Whydowork Adsense | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php. | |||||
| CVE-2015-2838 | 1 Citrix | 1 Netscaler | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | |||||
| CVE-2015-2852 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2014-5205 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 6.8 MEDIUM | N/A |
| wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | |||||
| CVE-2015-2048 | 1 Dlink | 2 Dcs-931l, Dcs-931l Firmware | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-2559 | 1 Twitget Project | 1 Twitget | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php. | |||||
| CVE-2015-2759 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. | |||||
