Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46190 | 1 Novo-media | 1 Novo-map | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions. | |||||
| CVE-2023-46189 | 1 Xtendify | 1 Simple Calendar | 2023-11-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions. | |||||
| CVE-2023-46089 | 1 Userback | 1 Userback | 2023-10-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions. | |||||
| CVE-2023-46085 | 1 Wpmet | 1 Wp Ultimate Review | 2023-10-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. | |||||
| CVE-2023-46095 | 1 Chetangole | 1 Smooth Scroll Links | 2023-10-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions. | |||||
| CVE-2023-5802 | 1 Wpknowledgebase | 1 Wp Knowledgebase | 2023-10-30 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions. | |||||
| CVE-2023-46067 | 1 Qwerty23 | 1 Rocket Font | 2023-10-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions. | |||||
| CVE-2023-46078 | 1 Pluginever | 1 Wc Serial Numbers | 2023-10-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. | |||||
| CVE-2023-5687 | 1 Mosparo | 1 Mosparo | 2023-10-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. | |||||
| CVE-2023-5690 | 1 Modoboa | 1 Modoboa | 2023-10-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | |||||
| CVE-2023-43118 | 1 Extremenetworks | 1 Exos | 2023-10-27 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API. | |||||
| CVE-2023-44385 | 1 Home-assistant | 1 Home Assistant Companion | 2023-10-26 | N/A | 8.8 HIGH |
| The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161. | |||||
| CVE-2023-2307 | 1 Builder | 1 Qwik | 2023-10-25 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. | |||||
| CVE-2023-42435 | 1 Dexma | 1 Dexgate | 2023-10-25 | N/A | 8.8 HIGH |
| The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user. | |||||
| CVE-2022-40291 | 1 Phppointofsale | 1 Php Point Of Sale | 2023-10-25 | N/A | 8.8 HIGH |
| The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. | |||||
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2023-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | |||||
| CVE-2020-2237 | 1 Jenkins | 1 Flaky Test Handler | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | |||||
| CVE-2020-2235 | 1 Jenkins | 1 Pipeline Maven Integration | 2023-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | |||||
| CVE-2020-2215 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password. | |||||
| CVE-2020-2203 | 1 Jenkins | 1 Fortify On Demand | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | |||||
