Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28678 | 2024-11-21 | 6.3 Medium | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php | ||||
| CVE-2024-28677 | 2024-11-21 | 6.1 Medium | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php. | ||||
| CVE-2024-28675 | 2024-11-21 | 8.8 High | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php | ||||
| CVE-2024-28673 | 2024-11-21 | 8.8 High | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php. | ||||
| CVE-2024-28672 | 2024-11-21 | 5.4 Medium | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php. | ||||
| CVE-2024-28670 | 2024-11-21 | 6.1 Medium | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php. | ||||
| CVE-2024-28669 | 2024-11-21 | 5.4 Medium | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php. | ||||
| CVE-2024-28667 | 2024-11-21 | 6.1 Medium | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php | ||||
| CVE-2024-28666 | 2024-11-21 | 5.5 Medium | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php | ||||
| CVE-2024-28665 | 2024-11-21 | 8.8 High | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php | ||||
| CVE-2024-28432 | 2024-11-21 | 8.8 High | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php. | ||||
| CVE-2024-28431 | 2024-11-21 | 8.8 High | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php. | ||||
| CVE-2024-28429 | 2024-11-21 | 5.5 Medium | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php | ||||
| CVE-2024-28233 | 2024-11-21 | 8.1 High | ||
| JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0. | ||||
| CVE-2024-27974 | 2024-11-21 | 6.3 Medium | ||
| Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]. | ||||
| CVE-2024-27967 | 2024-11-21 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3. | ||||
| CVE-2024-27955 | 2024-11-21 | 8.3 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0. | ||||
| CVE-2024-27783 | 1 Fortinet | 1 Fortiaiops | 2024-11-21 | 7.2 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests. | ||||
| CVE-2024-27717 | 1 Eskooly | 1 Web Product | 2024-11-21 | 6.5 Medium |
| Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. | ||||
| CVE-2024-27694 | 1 Flycms Project | 1 Flycms | 2024-11-21 | 7.4 High |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. | ||||