Total
8623 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0215 | 1 Xootix | 3 Login\/signup Popup, Side Cart Woocommerce, Waitlist Woocommerce | 2025-02-13 | 8.8 High |
| The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax). | ||||
| CVE-2024-5676 | 2025-02-13 | 6.8 Medium | ||
| The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system. | ||||
| CVE-2023-50778 | 1 Jenkins | 1 Paaslane Estimate | 2025-02-13 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token. | ||||
| CVE-2023-50775 | 1 Jenkins | 1 Deployment Dashboard | 2025-02-13 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. | ||||
| CVE-2023-50774 | 1 Jenkins | 1 Html Resource | 2025-02-13 | 8.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system. | ||||
| CVE-2023-50766 | 1 Jenkins | 1 Nexus Platform | 2025-02-13 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||||
| CVE-2023-49920 | 1 Apache | 1 Airflow | 2025-02-13 | 6.5 Medium |
| Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later which is not affected | ||||
| CVE-2023-49655 | 1 Jenkins | 1 Matlab | 2025-02-13 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. | ||||
| CVE-2023-0480 | 1 Vitalpbx | 1 Vitalpbx | 2025-02-13 | 8.8 High |
| VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF. | ||||
| CVE-2023-4047 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Enterprise Linux and 4 more | 2025-02-13 | 8.8 High |
| A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | ||||
| CVE-2023-32344 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2025-02-13 | 4.3 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898. | ||||
| CVE-2021-26296 | 2 Apache, Netapp | 2 Myfaces, Oncommand Insight | 2025-02-13 | 7.5 High |
| In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. | ||||
| CVE-2024-36669 | 1 Idccms Project | 1 Idccms | 2025-02-13 | 5.4 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add. | ||||
| CVE-2024-36668 | 1 Idccms Project | 1 Idccms | 2025-02-13 | 5.4 Medium |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del | ||||
| CVE-2024-36667 | 1 Idccms Project | 1 Idccms | 2025-02-13 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close | ||||
| CVE-2024-36550 | 1 Idccms | 1 Idccms | 2025-02-13 | 8.8 High |
| idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close | ||||
| CVE-2024-36549 | 1 Idccms | 1 Idccms | 2025-02-13 | 8.8 High |
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close | ||||
| CVE-2024-36548 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-02-13 | 5.4 Medium |
| idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del | ||||
| CVE-2024-36547 | 1 Idccms | 1 Idccms | 2025-02-13 | 8.8 High |
| idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add | ||||
| CVE-2025-26568 | 2025-02-13 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information allows Stored XSS. This issue affects Easy Amazon Product Information: from n/a through 4.0.1. | ||||