High
CVE-2024-42627
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3.
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 26/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1402 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-08-12
High
CVE-2024-42626
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.
High
CVE-2024-42625
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add
High
CVE-2024-42624
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10.
High
CVE-2024-42623
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1
High
CVE-2024-42632
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.
High
CVE-2024-42631
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1.
High
CVE-2024-42630
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.
High
CVE-2024-42629
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10.
High
CVE-2024-42628
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3.
Medium
CVE-2024-7662
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. This vulnerability affects the function save_package of the file admin/packa…
Medium
CVE-2024-7661
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The…
Medium
CVE-2024-7645
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file users.php of the component…
Medium
CVE-2024-7574
The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This mak…
Medium
CVE-2024-6136
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
High
CVE-2024-40488
A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via…
High
CVE-2024-40476
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying…
2024-08-08
Medium
CVE-2024-6254
The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form sub…
High
CVE-2024-7492
The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networ…
2024-08-06
High
CVE-2024-6720
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
2024-08-05
Low
CVE-2024-41811
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected p…
Medium
CVE-2024-5081
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored…
High
CVE-2024-2232
The lacks CSRF checks allowing a user to invite any user to any group (including private groups)
2024-08-04
Medium
CVE-2024-7460
A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.ph…
Medium
CVE-2024-7459
A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to…
2024-08-02
High
CVE-2024-38776
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS).This issue affects WP GoToWebinar: from n/a through 15.7.
High
CVE-2024-3238
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect…
2024-08-01
Medium
CVE-2024-7367
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulatio…
Medium
CVE-2024-32863
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
Medium
CVE-2024-7360
A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cro…
High
CVE-2024-6040
In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /ins…
Medium
CVE-2024-6496
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack
High
CVE-2024-3983
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as d…
Medium
CVE-2024-2843
The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks
Medium
CVE-2024-1747
The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and upd…
High
CVE-2024-40883
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be dir…
2024-07-31
High
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a…
Medium
CVE-2024-6412
The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
2024-07-30
Medium
CVE-2023-38001
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.…
Medium
CVE-2024-7226
A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save_user of the…
Medium
CVE-2024-6230
The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via…
Medium
CVE-2024-6224
The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make…
Medium
CVE-2024-5808
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such…
2024-07-29
Medium
CVE-2024-5285
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF…
2024-07-28
Medium
CVE-2024-7169
A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site req…
Medium
CVE-2024-7161
A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Ch…
2024-07-26
Medium
CVE-2024-6490
During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby dele…
2024-07-25
Medium
CVE-2024-7106
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-s…
2024-07-24
Medium
CVE-2024-7065
A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request for…
Medium
CVE-2024-3246
The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it…
Medium
CVE-2024-6751
The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple func…
2024-07-22
Medium
CVE-2024-6271
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack
High
CVE-2024-6244
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
2024-07-20
Medium
CVE-2024-5804
The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validati…
2024-07-19
Medium
CVE-2024-41597
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.
Critical
CVE-2024-41603
Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout.
High
CVE-2024-41602
Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL
High
CVE-2023-7269
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add S…
2024-07-18
Medium
CVE-2024-39090
The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit…
Medium
CVE-2024-39681
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonc…
Medium
CVE-2024-39680
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonc…
Medium
CVE-2024-39679
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonc…
Medium
CVE-2024-39678
Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation o…
2024-07-17
High
CVE-2024-40119
Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attack…
2024-07-16
Medium
CVE-2024-5815
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the att…
2024-07-15
High
CVE-2024-6075
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
2024-07-13
High
CVE-2024-5287
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack
Medium
CVE-2024-5284
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin a…
Medium
CVE-2024-5280
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in use…
High
CVE-2024-5167
The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers t…
Medium
CVE-2024-5077
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored…
High
CVE-2024-5076
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
High
CVE-2024-5034
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Medium
CVE-2024-5033
The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS pa…
Medium
CVE-2024-5028
The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSR…
Medium
CVE-2024-3632
The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
2024-07-12
Medium
CVE-2024-37941
Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: fro…
High
CVE-2024-37940
Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium).This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13.
Medium
CVE-2024-37939
Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite.This issue affects Patricia Lite: from n/a through 1.2.3.
Medium
CVE-2024-37938
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral.This issue affects SociallyViral: from n/a through 1.0.10.
High
CVE-2024-37213
Cross-Site Request Forgery (CSRF) vulnerability in guru-aliexpress AliNext ali2woo-lite allows Cross Site Request Forgery.This issue affects AliNext: from n/a through <= 3.4.6.
High
CVE-2024-35773
Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS).This issue affects Comment Reply Email: from n/a through 1.3.
High
CVE-2024-6024
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack
High
CVE-2024-6023
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack
High
CVE-2024-6022
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
2024-07-11
High
CVE-2024-1845
The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CS…
Critical
CVE-2024-6397
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verificati…
2024-07-10
Medium
CVE-2024-6649
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file…
High
CVE-2024-40332
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord
High
CVE-2024-40331
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup
High
CVE-2024-40334
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3
High
CVE-2024-40333
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2
High
CVE-2024-40329
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup
Medium
CVE-2024-40328
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6
High
CVE-2024-28828
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site.
High
CVE-2024-3798
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a us…
Low
CVE-2024-36452
Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a ma…
2024-07-09
High
CVE-2024-39063
Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equiva…
High
CVE-2024-40039
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del
Medium
CVE-2024-40038
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev
High
CVE-2024-40037
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del
High
CVE-2024-40036
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close
Medium
CVE-2024-40035
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.
High
CVE-2024-40034
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del
High
CVE-2024-27783
Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an au…
Medium
CVE-2024-6168
The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJ…
Medium
CVE-2024-4100
The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() func…
High
CVE-2024-6321
The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and miss…
High
CVE-2024-6320
The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. This is due to missing nonce validation and missing…
High
CVE-2024-6317
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce v…
High
CVE-2024-6316
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce v…
High
CVE-2024-6310
The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. This is due to missing nonce validatio…
High
CVE-2024-6309
The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce vali…
Medium
CVE-2024-37923
Cross-Site Request Forgery (CSRF) vulnerability in cliengo Cliengo – Chatbot cliengo allows Cross Site Request Forgery.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4.
2024-07-08
High
CVE-2023-47677
A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attac…
2024-07-07
Medium
CVE-2024-40603
An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request.
Medium
CVE-2024-40601
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.
2024-07-06
Medium
CVE-2024-5616
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a m…
2024-07-05
High
CVE-2024-39023
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close
High
CVE-2024-39022
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal