Total: 8696 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3782 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user. | |||||
| CVE-2024-25692 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-04-10 | N/A | 5.4 MEDIUM |
| There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity. | |||||
| CVE-2022-3911 | 1 Iubenda | 1 Iubenda-cookie-law-solution | 2025-04-10 | N/A | 8.8 HIGH |
| The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF checks in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated user, such as a subscriber, can grant themselves any privileges, such as edit_plugins. | |||||
| CVE-2024-21043 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-04-10 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2025-32584 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 allows Cross Site Request Forgery. This issue affects Chat2: from n/a through 3.6.3. | |||||
| CVE-2025-32505 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer allows Stored XSS. This issue affects MultiMailer: from n/a through 1.0.3. | |||||
| CVE-2025-31375 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled allows Stored XSS. This issue affects Scheduled: from n/a through 1.0. | |||||
| CVE-2025-32641 | | | 2025-04-09 | N/A | 9.6 CRITICAL |
| Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through 1.1.5. | |||||
| CVE-2025-32621 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital WP Map Route Planner allows Cross Site Request Forgery. This issue affects WP Map Route Planner: from n/a through 1.0.0. | |||||
| CVE-2025-32484 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification allows Stored XSS. This issue affects WP-Planification: from n/a through 2.3.1. | |||||
| CVE-2025-31402 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through 1.2.12. | |||||
| CVE-2025-31395 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS allows Stored XSS. This issue affects Easy Custom CSS: from n/a through 1.0. | |||||
| CVE-2025-32480 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer allows Stored XSS. This issue affects Windows Live Writer: from n/a through 0.1. | |||||
| CVE-2025-31032 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through 2.7.1. | |||||
| CVE-2025-32575 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through 2.9.2. | |||||
| CVE-2025-31383 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in FrescoChat Live Chat allows Stored XSS. This issue affects FrescoChat Live Chat: from n/a through 3.2.6. | |||||
| CVE-2025-32547 | | | 2025-04-09 | N/A | 8.2 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through 1.5.3. | |||||
| CVE-2025-31388 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in doa The World allows Stored XSS. This issue affects The World: from n/a through 0.4. | |||||
| CVE-2025-32479 | | | 2025-04-09 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget allows Stored XSS. This issue affects Flags Widget: from n/a through 1.0.7. | |||||
| CVE-2025-31034 | | | 2025-04-09 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page allows Cross Site Request Forgery. This issue affects Customize Login Page: from n/a through 1.1. | |||||
