CVE Daily
← All tags

Tag: Cross-Site Request Forgery (CSRF)

All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 2/2 • 133 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-05-02
Low

CVE-2024-4128

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was runnin…

CVSS: 2.6 CWE: CWE-352
Read more
2024-04-11
Medium

CVE-2024-32106

Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One].This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35.

CVSS: 4.3 CWE: CWE-352
Read more
2024-04-10
High

CVE-2024-2196

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the u…

CVSS: 8.8 CWE: CWE-352
Read more
2024-04-02
Medium

CVE-2024-1504

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce valid…

CVSS: 4.3 CWE: CWE-352
Read more
2024-03-30
High

CVE-2024-1522

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execu…

CVSS: 8.8 CWE: CWE-352
Read more
2024-03-21
Medium

CVE-2024-1727

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious…

CVSS: 4.3 CWE: CWE-352
Read more
2024-03-02
Medium

CVE-2024-1592

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce valida…

CVSS: 4.3 CWE: CWE-352
Read more
2023-06-20
High

CVE-2023-2533

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute a…

CVSS: 8.4 CWE: CWE-352
Read more
2021-01-20
High

CVE-2021-1257

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate…

CVSS: 8.8 CWE: CWE-352
Read more
2019-01-24
Medium

CVE-2019-1658

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and pe…

CVSS: 4.7 CWE: CWE-352
Read more
2017-09-21
High

CVE-2017-12253

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery…

CVSS: 8.8 CWE: CWE-352
Read more
2015-07-16
Medium

CVE-2015-4274

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users,…

CVSS: 6.8 CWE: CWE-352
Read more
2015-05-20
Medium

CVE-2015-0740

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.

CVSS: 6.8 CWE: CWE-352
Read more