Total: 5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-2405 | 1 Themehunk | 1 Wp Popup Builder | 2023-06-30 | N/A | 4.3 MEDIUM | The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary popups. |
| CVE-2023-1722 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2023-06-30 | N/A | 8.8 HIGH | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. |
| CVE-2023-34927 | 1 Casbin | 1 Casdoor | 2023-06-28 | N/A | 6.5 MEDIUM | Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL. |
| CVE-2022-3372 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2023-06-28 | N/A | 8.8 HIGH | There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations. |
| CVE-2023-34028 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Manager Professional | 2023-06-28 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. |
| CVE-2023-32960 | 1 Updraftplus | 1 Updraftplus | 2023-06-28 | N/A | 6.1 MEDIUM | Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). |
| CVE-2023-35917 | 1 Woocommerce | 1 Paypal Payments | 2023-06-28 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. |
| CVE-2023-23795 | 1 Web-settler | 1 Form Builder | 2023-06-28 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions. |
| CVE-2020-20502 | 1 Yzmcms | 1 Yzmcms | 2023-06-27 | N/A | 6.5 MEDIUM | Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. |
| CVE-2017-12271 | 1 Cisco | 4 Spa300 Firmware, Spa300 Series Ip Phone, Spa500 Firmware and 1 more | 2023-06-27 | 6.8 MEDIUM | 8.8 HIGH | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. |
| CVE-2020-21366 | 1 Njtech | 1 Greencms | 2023-06-27 | N/A | 8.0 HIGH | Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php. |
| CVE-2022-2312 | 1 Student Result Or Employee Database Project | 1 Student Result Or Employee Database | 2023-06-27 | N/A | 5.4 MEDIUM | The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF checks in its AJAX actions, allowing attackers to make a logged-in user with a role as low as contributor add, edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting. |
| CVE-2020-20726 | 1 Gilacms | 1 Gila Cms | 2023-06-27 | N/A | 8.8 HIGH | Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. |
| CVE-2020-21252 | 1 Hongcms Project | 1 Hongcms | 2023-06-27 | N/A | 8.8 HIGH | Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. |
| CVE-2023-34373 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2023-06-27 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. |
| CVE-2022-41924 | 2 Microsoft, Tailscale | 2 Windows, Tailscale | 2023-06-27 | N/A | 9.6 CRITICAL | A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue. |
| CVE-2023-35148 | 1 Jenkins | 1 Digital.ai App Management Publisher | 2023-06-26 | N/A | 6.5 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. |
| CVE-2023-35141 | 1 Jenkins | 1 Jenkins | 2023-06-23 | N/A | 8.0 HIGH | In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. |
| CVE-2023-25055 | 1 Digitalinspiration | 1 Google Xml Sitemap For Videos | 2023-06-22 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions. |
| CVE-2023-25450 | 1 Givewp | 1 Givewp | 2023-06-22 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. |
