Total
8607 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29009 | 2024-11-21 | 6.1 Medium | ||
| Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in. | ||||
| CVE-2024-28828 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.8 High |
| Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. | ||||
| CVE-2024-27974 | 2024-11-21 | 6.3 Medium | ||
| Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]. | ||||
| CVE-2024-27265 | 3 Ibm, Linux, Microsoft | 4 Integration Bus, Z\/os, Linux Kernel and 1 more | 2024-11-21 | 4.5 Medium |
| IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. | ||||
| CVE-2024-27194 | 2024-11-21 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6. | ||||
| CVE-2024-25914 | 1 Photoboxone | 1 Smtp Mail | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20. | ||||
| CVE-2024-24935 | 1 Wpsimpletools | 1 Basic Log Viewer | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer.This issue affects Basic Log Viewer: from n/a through 1.0.4. | ||||
| CVE-2024-24929 | 1 Ftwr | 1 Wp Contact Form | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form.This issue affects WP Contact Form: from n/a through 1.6. | ||||
| CVE-2024-24887 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. | ||||
| CVE-2024-24875 | 1 Ylefebvre | 1 Link Library | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library.This issue affects Link Library: from n/a through 7.5.13. | ||||
| CVE-2024-24777 | 2 Level1, Levelone | 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability. | ||||
| CVE-2024-24706 | 1 Forumone | 1 Wp-cfm | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8. | ||||
| CVE-2024-24524 | 1 Flusity | 1 Flusity | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | ||||
| CVE-2024-24469 | 1 Flusity | 1 Flusity | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | ||||
| CVE-2024-23831 | 1 Ledgersmb | 1 Ledgersmb | 2024-11-21 | 7.5 High |
| LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9. | ||||
| CVE-2024-23785 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2024-11-21 | 6.1 Medium |
| Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | ||||
| CVE-2024-23736 | 2024-11-21 | 8.8 High | ||
| Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | ||||
| CVE-2024-23597 | 2024-11-21 | 4.3 Medium | ||
| Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a. | ||||
| CVE-2024-23515 | 2024-11-21 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159. | ||||
| CVE-2024-23319 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 Low |
| Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. | ||||