Total
7680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30568 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static Cache allows Cross Site Request Forgery. This issue affects Super Static Cache: from n/a through 3.3.5. | |||||
| CVE-2025-30555 | 2025-03-27 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in iiiryan WordPres 同步微博 allows Stored XSS. This issue affects WordPres 同步微博: from n/a through 1.1.0. | |||||
| CVE-2025-30550 | 2025-03-27 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru CallPhone'r allows Stored XSS. This issue affects CallPhone'r: from n/a through 1.1.1. | |||||
| CVE-2025-30587 | 2025-03-27 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS. This issue affects LH OGP Meta: from n/a through 1.73. | |||||
| CVE-2025-30526 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plugin for WordPress allows Cross Site Request Forgery. This issue affects Typekit plugin for WordPress: from n/a through 1.2.3. | |||||
| CVE-2025-30528 | 2025-03-27 | N/A | 9.3 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos allows SQL Injection. This issue affects Awesome Logos: from n/a through 1.2. | |||||
| CVE-2025-30585 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate Post Thumbnails allows Cross Site Request Forgery. This issue affects Generate Post Thumbnails: from n/a through 0.8. | |||||
| CVE-2024-20986 | 1 Oracle | 1 Weblogic Server | 2025-03-27 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2023-51512 | 1 Woobewoo | 1 Product Table | 2025-03-27 | N/A | 4.3 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6. | |||||
| CVE-2023-20856 | 1 Vmware | 1 Vrealize Operations | 2025-03-27 | N/A | 8.8 HIGH |
| VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | |||||
| CVE-2023-23750 | 1 Joomla | 1 Joomla\! | 2025-03-26 | N/A | 6.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | |||||
| CVE-2023-25015 | 2 Clockwork Web Project, Rubyonrails | 2 Clockwork Web, Rails | 2025-03-26 | N/A | 6.5 MEDIUM |
| Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | |||||
| CVE-2024-4382 | 1 Wielebenwir | 1 Commonsbooking | 2025-03-26 | N/A | 6.5 MEDIUM |
| The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks | |||||
| CVE-2021-37234 | 1 Modern Honey Network Project | 1 Modern Honey Network | 2025-03-26 | N/A | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. | |||||
| CVE-2021-36570 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | |||||
| CVE-2021-36569 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | |||||
| CVE-2021-36444 | 1 Txjia | 1 Imcat | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. | |||||
| CVE-2021-36443 | 1 Txjia | 1 Imcat | 2025-03-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. | |||||
| CVE-2024-7806 | 1 Openwebui | 1 Open Webui | 2025-03-26 | N/A | 8.8 HIGH |
| A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious HTML that, when accessed by a victim, can modify the Python code of an existing pipeline and execute arbitrary code with the victim's privileges. | |||||
| CVE-2024-8026 | 1 Qanything | 1 Qanything | 2025-03-26 | N/A | 8.1 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating, uploading, listing, deleting files, and managing knowledge bases. | |||||