Total: 8686 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31689 | 1 General Data Protection Regulation Project | 1 General Data Protection Regulation | 2025-09-02 | N/A | 8.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery. This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2. | |||||
| CVE-2025-31690 | 1 Cache Utility Project | 1 Cache Utility | 2025-09-02 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery. This issue affects Cache Utility: from 0.0.0 before 1.2.1. | |||||
| CVE-2024-13293 | 1 Post File Project | 1 Post File | 2025-09-02 | N/A | 3.1 LOW |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery. This issue affects POST File: from 0.0.0 before 1.0.2. | |||||
| CVE-2024-13284 | 1 Drupalgutenberg | 1 Gutenberg | 2025-09-02 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery. This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. | |||||
| CVE-2024-29192 | 1 Alexxit | 1 Go2rtc | 2025-09-02 | N/A | 8.8 HIGH |
| gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The `/api/config` endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an attacker may be able to achieve that depending on how go2rtc is set up on the upstream application, and given that this endpoint is not protected against CSRF, it allows requests from any origin (e.g. a "drive-by" attack). The `exec` handler allows for any stream to execute arbitrary commands. An attacker may add a custom stream through `api/config`, which may lead to arbitrary command execution. In the event of a victim visiting the server in question, their browser will execute the requests against the go2rtc instance. Commit 8793c3636493c5efdda08f3b5ed5c6e1ea594fd9 adds a warning about secure API access. | |||||
| CVE-2024-27631 | 1 Gnu | 1 Savane | 2025-09-02 | N/A | 6.0 MEDIUM |
| Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php. | |||||
| CVE-2024-28233 | 1 Jupyter | 1 Jupyterhub | 2025-09-02 | N/A | 8.1 HIGH |
| JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0. | |||||
| CVE-2025-9618 | | | 2025-09-02 | N/A | 4.3 MEDIUM |
| The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-0610 | | | 2025-09-02 | N/A | 8.6 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12. | |||||
| CVE-2024-2748 | 1 Github | 1 Enterprise Server | 2025-09-02 | N/A | 4.3 MEDIUM |
| A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-43684 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2025-08-29 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0. | |||||
| CVE-2024-13580 | 1 Xavivars | 1 Xv Random Quotes | 2025-08-29 | N/A | 4.3 MEDIUM |
| The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack. | |||||
| CVE-2025-48362 | | | 2025-08-29 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | |||||
| CVE-2025-48363 | | | 2025-08-29 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5. | |||||
| CVE-2025-9374 | | | 2025-08-29 | N/A | 4.3 MEDIUM |
| The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-48325 | | | 2025-08-29 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through 1.0. | |||||
| CVE-2025-49040 | | | 2025-08-29 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery. This issue affects Backup Bolt: from n/a through 1.4.1. | |||||
| CVE-2025-7812 | | | 2025-08-29 | N/A | 8.8 HIGH |
| The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport() function. This makes it possible for unauthenticated attackers to update settings and execute remote code when the Server command execution setting is enabled via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-48359 | | | 2025-08-29 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget allows Stored XSS. This issue affects ATT YouTube Widget: from n/a through 1.0. | |||||
| CVE-2025-48311 | | | 2025-08-29 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0. | |||||
