| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks |
| The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
| calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) |
| archivy is vulnerable to Cross-Site Request Forgery (CSRF) |
| A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) |
| pimcore is vulnerable to Cross-Site Request Forgery (CSRF) |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) |
| A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) |
| JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. |
| phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. |
| A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. |
