Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25698 | 1 Studiowombat | 1 Shoppable Images | 2023-05-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions. | |||||
| CVE-2023-27423 | 1 Mijnpress | 1 Auto Prune Posts | 2023-05-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions. | |||||
| CVE-2023-27430 | 1 Mijnpress | 1 Mass Delete Unused Tags | 2023-05-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions. | |||||
| CVE-2023-2631 | 1 Jenkins | 1 Code Dx | 2023-05-25 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2023-2195 | 1 Jenkins | 1 Code Dx | 2023-05-25 | N/A | 3.5 LOW |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL. | |||||
| CVE-2023-32978 | 1 Jenkins | 1 Lightweight Directory Access Protocol | 2023-05-25 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | |||||
| CVE-2023-32980 | 1 Jenkins | 1 Email Extension | 2023-05-25 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. | |||||
| CVE-2023-32987 | 1 Jenkins | 1 Reverse Proxy Auth | 2023-05-25 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | |||||
| CVE-2023-32989 | 1 Jenkins | 1 Azure Vm Agents | 2023-05-25 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. | |||||
| CVE-2015-9307 | 1 Flippercode | 1 Wp Google Map | 2023-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | |||||
| CVE-2015-9309 | 1 Flippercode | 1 Wp Google Map | 2023-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | |||||
| CVE-2015-9308 | 1 Flippercode | 1 Wp Google Map | 2023-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | |||||
| CVE-2008-4128 | 1 Cisco | 2 871 Integrated Services Router, Ios | 2023-05-22 | 9.3 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2023-28361 | 1 Uni | 9 Cloud Key Gen2, Cloud Key Gen2 Plus, Ubiquiti Networks Unifi Dream Machine and 6 more | 2023-05-22 | N/A | 6.5 MEDIUM |
| A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage. Affected Products: Cloud Key Gen2, Cloud Key Gen2 Plus, UNVR, UNVR Professional, UDM, UDM Professional, UDM SE, UDR. Mitigation: Update affected products to UniFi OS 3.0.13 or later. | |||||
| CVE-2023-2444 | 1 Rockwellautomation | 1 Factorytalk Vantagepoint | 2023-05-20 | N/A | 8.8 HIGH |
| A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well. | |||||
| CVE-2023-27889 | 1 Lqd | 1 Liquid Speech Balloon | 2023-05-17 | N/A | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page. | |||||
| CVE-2022-45846 | 1 Wpmart | 1 Interactive Svg Image Map Builder | 2023-05-16 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin < 5.6.9 versions. | |||||
| CVE-2020-23363 | 1 Verydows | 1 Verydows | 2023-05-15 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. | |||||
| CVE-2015-5698 | 1 Siemens | 2 Simatic S7 1200 Cpu, Simatic S7 1200 Cpu Firmware | 2023-05-15 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2020-36065 | 1 Flycms Project | 1 Flycms | 2023-05-12 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | |||||
