Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3582 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 3.5 LOW |
| A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. | |||||
| CVE-2023-5961 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2023-12-28 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | |||||
| CVE-2023-49920 | 1 Apache | 1 Airflow | 2023-12-28 | N/A | 6.5 MEDIUM |
| Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later, which is not affected. | |||||
| CVE-2021-21675 | 1 Jenkins | 1 Requests | 2023-12-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | |||||
| CVE-2021-21655 | 1 Jenkins | 1 P4 | 2023-12-27 | 5.8 MEDIUM | 7.1 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. | |||||
| CVE-2023-49821 | 1 Livechat | 1 Livechat | 2023-12-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress. This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15. | |||||
| CVE-2023-46212 | 1 Wpvnteam | 1 Wp Extra | 2023-12-22 | N/A | 8.8 HIGH |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects WP EXtra: from n/a through 6.2. | |||||
| CVE-2023-48751 | 1 Xnau | 1 Participants Database | 2023-12-22 | N/A | 8.8 HIGH |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Participants Database: from n/a through 2.5.5. | |||||
| CVE-2022-27214 | 1 Jenkins | 1 Release Helper | 2023-12-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2022-29050 | 1 Jenkins | 1 Publish Over Ftp | 2023-12-22 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. | |||||
| CVE-2022-30946 | 1 Jenkins | 1 Script Security | 2023-12-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. | |||||
| CVE-2022-30930 | 1 Phpgurukul | 1 Tourism Management System | 2023-12-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). | |||||
| CVE-2023-47787 | 1 Automattic | 1 Woocommerce Bookings | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 2.0.3. | |||||
| CVE-2023-47789 | 1 Automattic | 1 Canada Post Shipping Method | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3. | |||||
| CVE-2023-49163 | 1 Mtrv | 1 Teachpress | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.5. | |||||
| CVE-2023-49164 | 1 Oceanwp | 1 Ocean Extra | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra. This issue affects Ocean Extra: from n/a through 2.2.2. | |||||
| CVE-2023-48768 | 1 Codeastrology | 1 Quantity Plus Minus Button For Woocommerce | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9. | |||||
| CVE-2023-48772 | 1 Arulprasadj | 1 Prevent Landscape Rotation | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation. This issue affects Prevent Landscape Rotation: from n/a through 2.0. | |||||
| CVE-2023-48769 | 1 Bluecoral | 1 Chat Bubble | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back: from n/a through 2.3. | |||||
| CVE-2023-48773 | 1 Wpdoctor | 1 Woocommerce Login Redirect | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect. This issue affects WooCommerce Login Redirect: from n/a through 2.2.4. | |||||
