Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28335 | 1 Moodle | 1 Moodle | 2024-04-19 | N/A | 8.8 HIGH |
| The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | |||||
| CVE-2023-41864 | 2024-04-18 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0. | |||||
| CVE-2024-3825 | 2024-04-17 | N/A | 4.3 MEDIUM | ||
| Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration | |||||
| CVE-2024-32549 | 2024-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS).This issue affects Related Posts for WordPress: from n/a through 4.0.3. | |||||
| CVE-2024-32538 | 2024-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS.This issue affects Easy CountDowner: from n/a through 1.0.8. | |||||
| CVE-2024-32550 | 2024-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1. | |||||
| CVE-2024-3135 | 2024-04-16 | N/A | 6.5 MEDIUM | ||
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers to exhaust system resources, consume credits, and fill disk space by making numerous resource-intensive API calls, such as generating images or uploading files. The vulnerability stems from the application's acceptance of simple request content-types without requiring CSRF tokens or implementing other CSRF mitigation measures. Successful exploitation does not require network access to the vulnerable LocalAI environment. | |||||
| CVE-2024-1727 | 2024-04-16 | N/A | 4.3 MEDIUM | ||
| A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py. | |||||
| CVE-2024-1522 | 2024-04-16 | N/A | 8.8 HIGH | ||
| A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. | |||||
| CVE-2024-3782 | 2024-04-15 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user. | |||||
| CVE-2024-31293 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6. | |||||
| CVE-2024-31363 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issue affects LifterLMS: from n/a through 7.5.0. | |||||
| CVE-2024-31305 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.This issue affects Transcoder: from n/a through 1.3.5. | |||||
| CVE-2024-31239 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. | |||||
| CVE-2024-31251 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. | |||||
| CVE-2024-31303 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets.This issue affects Sign-up Sheets: from n/a through 2.2.11.1. | |||||
| CVE-2024-31289 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0. | |||||
| CVE-2024-31271 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. | |||||
| CVE-2024-31269 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11. | |||||
| CVE-2024-31265 | 2024-04-15 | N/A | 3.7 LOW | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. | |||||