Total
8611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2025-01-06 | 8.1 High |
| Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | ||||
| CVE-2024-9665 | 1 Zimbra | 1 Zimbra | 2025-01-03 | 6.5 Medium |
| Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql endpoint. The issue results from the lack of proper protections against cross-site request forgery (CSRF) attacks. An attacker can leverage this vulnerability to disclose information in the context of the target email account. Was ZDI-CAN-23939. | ||||
| CVE-2024-37458 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ExtendThemes Highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through 1.0.29. | ||||
| CVE-2024-38766 | 2025-01-03 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through 5.1.1. | ||||
| CVE-2024-38789 | 2025-01-03 | 5.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through 3.8.2. | ||||
| CVE-2023-35141 | 1 Jenkins | 1 Jenkins | 2025-01-02 | 8 High |
| In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. | ||||
| CVE-2024-43927 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23. | ||||
| CVE-2024-37543 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Nitesh Singh Ultimate Auction allows Cross Site Request Forgery.This issue affects Ultimate Auction : from n/a through 4.2.5. | ||||
| CVE-2024-38691 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Metorik Metorik – Reports & Email Automation for WooCommerce allows Cross Site Request Forgery.This issue affects Metorik – Reports & Email Automation for WooCommerce: from n/a through 1.7.1. | ||||
| CVE-2024-38729 | 2025-01-02 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MBE Worldwide S.p.A. MBE eShip allows Cross Site Request Forgery.This issue affects MBE eShip: from n/a through 2.1.2. | ||||
| CVE-2024-38751 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP allows Cross Site Request Forgery.This issue affects Google Adsense & Banner Ads by AdsforWP: from n/a through 1.9.28. | ||||
| CVE-2024-38754 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through 3.3. | ||||
| CVE-2024-38762 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar Event Tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through 5.11.0.4. | ||||
| CVE-2024-38763 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Verse allows Cross Site Request Forgery.This issue affects Popularis Verse: from n/a through 1.1.1. | ||||
| CVE-2024-37238 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts – Classifieds Plugin allows Cross Site Request Forgery.This issue affects WPAdverts – Classifieds Plugin: from n/a through 2.1.2. | ||||
| CVE-2024-37240 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through 1.3.51. | ||||
| CVE-2024-37242 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through 2.13.2. | ||||
| CVE-2024-37274 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Freshlight Lab WP Mobile Menu allows Cross Site Request Forgery.This issue affects WP Mobile Menu: from n/a through 2.8.4.3. | ||||
| CVE-2024-37478 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Ashe allows Cross Site Request Forgery.This issue affects Ashe: from n/a through 2.233. | ||||
| CVE-2024-37493 | 2025-01-02 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SKT Themes Posterity allows Cross Site Request Forgery.This issue affects Posterity: from n/a through 3.3. | ||||