Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45172 | 2024-11-21 | 6.8 Medium | ||
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks. | ||||
| CVE-2024-41603 | 2024-11-21 | 9.6 Critical | ||
| Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout. | ||||
| CVE-2024-41602 | 2024-11-21 | 8.8 High | ||
| Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL | ||||
| CVE-2024-41597 | 1 Processwire | 1 Processwire | 2024-11-21 | 4.2 Medium |
| Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. | ||||
| CVE-2024-41305 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 7.1 High |
| A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter. | ||||
| CVE-2024-40601 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.3 Medium |
| An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules. | ||||
| CVE-2024-40334 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3 | ||||
| CVE-2024-40332 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2024-11-21 | 6.8 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord | ||||
| CVE-2024-40331 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup | ||||
| CVE-2024-40329 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup | ||||
| CVE-2024-40328 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 6.3 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6 | ||||
| CVE-2024-40119 | 1 Nepstech | 1 Ntpl-xpon1gfevn Firmware | 2024-11-21 | 8.8 High |
| Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover. | ||||
| CVE-2024-40038 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 5.3 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev | ||||
| CVE-2024-40037 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del | ||||
| CVE-2024-40035 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 5.9 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. | ||||
| CVE-2024-40034 | 1 Idccms Project | 1 Idccms | 2024-11-21 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del | ||||
| CVE-2024-3972 | 1 Davidjmiller | 1 Similarity | 2024-11-21 | 4.3 Medium |
| The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-3932 | 2024-11-21 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-3873 | 2024-11-21 | 4.3 Medium | ||
| A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260907. | ||||
| CVE-2024-3825 | 2024-11-21 | 4.3 Medium | ||
| Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration | ||||