Search Results (10170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48309 | 1 Sophos | 1 Connect | 2025-03-07 | 4.3 Medium |
| A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. | ||||
| CVE-2022-45142 | 1 Heimdal Project | 1 Heimdal | 2025-03-06 | 7.5 High |
| The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. | ||||
| CVE-2023-4059 | 1 Cozmoslabs | 1 Profile Builder | 2025-03-06 | 4.3 Medium |
| The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog. | ||||
| CVE-2022-4265 | 1 Gopostmatic | 1 Replyable | 2025-03-06 | 8.8 High |
| The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user. | ||||
| CVE-2025-25967 | 1 Ddsn | 1 Acora Cms | 2025-03-06 | 6.8 Medium |
| Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests. | ||||
| CVE-2023-29290 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 5.3 Medium |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-23411 | 1 Myscada | 1 Mypro | 2025-03-04 | 6.3 Medium |
| mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website. | ||||
| CVE-2024-7492 | 1 Mainwp | 1 Mainwp Child | 2025-03-01 | 8.8 High |
| The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. | ||||
| CVE-2023-24920 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-1205 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-28 | 8.8 High |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | ||||
| CVE-2024-45737 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). | ||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2025-02-28 | 7.5 High |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | ||||
| CVE-2023-22942 | 1 Splunk | 1 Splunk | 2025-02-28 | 5.4 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request. | ||||
| CVE-2023-32714 | 1 Splunk | 2 Splunk, Splunk App For Lookup File Editing | 2025-02-28 | 8.1 High |
| In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | ||||
| CVE-2023-5893 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5899 | 1 Pkp | 1 Pkp Web Application Library | 2025-02-27 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5902 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5898 | 1 Pkp | 1 Pkp Web Application Library | 2025-02-27 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5897 | 1 Sfu | 1 Customlocale | 2025-02-27 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. | ||||
| CVE-2023-27234 | 1 Jizhicms | 1 Jizhicms | 2025-02-27 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | ||||