Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0990 | 2025-03-05 | 4.3 Medium | ||
| The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23_gloria_settings_page function. This makes it possible for unauthenticated attackers to reset the tenant ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-56903 | 2025-03-04 | 8.1 High | ||
| Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack. | ||||
| CVE-2024-56901 | 2025-03-04 | 8.8 High | ||
| A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF attack. | ||||
| CVE-2025-23411 | 1 Myscada | 1 Mypro | 2025-03-04 | 6.3 Medium |
| mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website. | ||||
| CVE-2013-3690 | 1 Brickcom | 7 100ap Device Firmware, Fb-100ap, Md-100ap and 4 more | 2025-03-04 | N/A |
| Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users. | ||||
| CVE-2025-27579 | 2025-03-04 | 5.4 Medium | ||
| In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings. | ||||
| CVE-2025-27402 | 2025-03-04 | 4.6 Medium | ||
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740414959 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. | ||||
| CVE-2025-26206 | 2025-03-04 | 9 Critical | ||
| Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component | ||||
| CVE-2024-50705 | 2025-03-04 | 7.1 High | ||
| Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. | ||||
| CVE-2024-30154 | 2025-03-04 | 5.3 Medium | ||
| HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-25379 | 2025-03-04 | 9.6 Critical | ||
| Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component. | ||||
| CVE-2024-13682 | 2025-03-04 | 4.3 Medium | ||
| The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in class-wallet-user-table.php. This makes it possible for unauthenticated attackers to modify wallet balances via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-1813 | 2025-03-03 | 4.3 Medium | ||
| A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-23446 | 2025-03-03 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in NotFound WP SpaceContent allows Stored XSS. This issue affects WP SpaceContent: from n/a through 0.4.5. | ||||
| CVE-2025-27336 | 2025-03-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables allows Cross Site Request Forgery. This issue affects Just Variables: from n/a through 1.2.3. | ||||
| CVE-2025-27339 | 2025-03-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength allows Cross Site Request Forgery. This issue affects Minimum Password Strength: from n/a through 1.2.0. | ||||
| CVE-2024-13518 | 2025-03-03 | 4.3 Medium | ||
| The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11. This is due to missing or incorrect nonce validation on the 'sp_save_edited_post' function. This makes it possible for unauthenticated attackers to modify a forum post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-7574 | 1 Cyberfoxdigital | 1 Christmasify\! | 2025-03-01 | 6.1 Medium |
| The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-7492 | 1 Mainwp | 1 Mainwp Child | 2025-03-01 | 8.8 High |
| The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. | ||||
| CVE-2023-24920 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||