Total
7682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27195 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS.This issue affects Watermark RELOADED: from n/a through 1.3.5. | |||||
| CVE-2024-27194 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.This issue affects Fontific | Google Fonts: from n/a through 0.1.6. | |||||
| CVE-2024-25914 | 1 Photoboxone | 1 Smtp Mail | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20. | |||||
| CVE-2024-24935 | 1 Wpsimpletools | 1 Basic Log Viewer | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer.This issue affects Basic Log Viewer: from n/a through 1.0.4. | |||||
| CVE-2024-24929 | 1 Ftwr | 1 Wp Contact Form | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form.This issue affects WP Contact Form: from n/a through 1.6. | |||||
| CVE-2024-24887 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. | |||||
| CVE-2024-24884 | 1 Ari-soft | 1 Contact Form 7 Connector | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.This issue affects Contact Form 7 Connector: from n/a through 1.2.2. | |||||
| CVE-2024-24875 | 1 Ylefebvre | 1 Link Library | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library.This issue affects Link Library: from n/a through 7.5.13. | |||||
| CVE-2024-24837 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0. | |||||
| CVE-2024-24820 | 1 Icinga | 1 Icinga | 2024-11-21 | N/A | 8.3 HIGH |
| Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | |||||
| CVE-2024-24819 | 1 Icinga | 1 Icingaweb2-module-incubator | 2024-11-21 | N/A | 5.3 MEDIUM |
| icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-24777 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability. | |||||
| CVE-2024-24706 | 1 Forumone | 1 Wp-cfm | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8. | |||||
| CVE-2024-24705 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6. | |||||
| CVE-2024-24593 | 1 Clear | 1 Clearml | 2024-11-21 | N/A | 9.6 CRITICAL |
| A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks. | |||||
| CVE-2024-24524 | 1 Flusity | 1 Flusity | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | |||||
| CVE-2024-24469 | 1 Flusity | 1 Flusity | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | |||||
| CVE-2024-24336 | 2024-11-21 | N/A | 8.1 HIGH | ||
| A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and ‘Patrons Restriction’ components. | |||||
| CVE-2024-23831 | 1 Ledgersmb | 1 Ledgersmb | 2024-11-21 | N/A | 7.5 HIGH |
| LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9. | |||||
| CVE-2024-23785 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | |||||