Total: 7995 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-46610 | 1 Artec-it | 1 Enterprise Mail Archive | 2025-07-16 | N/A | 8.8 HIGH |
ARTEC EMA Mail 6.92 allows CSRF. | |||||
CVE-2025-30756 | | | 2025-07-16 | N/A | 6.1 MEDIUM |
Vulnerability in Oracle REST Data Services (component: General). The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle REST Data Services accessible data as well as unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2025-30745 | | | 2025-07-16 | N/A | 6.1 MEDIUM |
Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MES for Process Manufacturing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle MES for Process Manufacturing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle MES for Process Manufacturing accessible data as well as unauthorized read access to a subset of Oracle MES for Process Manufacturing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2025-54035 | | | 2025-07-16 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through 4.10. | |||||
CVE-2025-54041 | | | 2025-07-16 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for WooCommerce: from n/a through 2.6.7. | |||||
CVE-2025-54039 | | | 2025-07-16 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator allows Cross Site Request Forgery. This issue affects Animator: from n/a through 3.0.16. | |||||
CVE-2025-54038 | | | 2025-07-16 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress allows Cross Site Request Forgery. This issue affects Restaurant Menu by MotoPress: from n/a through 2.4.6. | |||||
CVE-2025-54042 | | | 2025-07-16 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft WP Post Hide allows Cross Site Request Forgery. This issue affects WP Post Hide: from n/a through 1.0.9. | |||||
CVE-2025-54010 | | | 2025-07-16 | N/A | 9.6 CRITICAL |
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a through 10.50. | |||||
CVE-2025-54030 | | | 2025-07-16 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through 1.3.20. | |||||
CVE-2025-54036 | | | 2025-07-16 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking allows Cross Site Request Forgery. This issue affects Webba Booking: from n/a through 5.1.20. | |||||
CVE-2025-54033 | | | 2025-07-16 | N/A | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elementor: from n/a through 1.2.3. | |||||
CVE-2025-54022 | | | 2025-07-16 | N/A | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. This issue affects Coupon Affiliates: from n/a through 6.4.0. | |||||
CVE-2025-48153 | | | 2025-07-16 | N/A | 7.1 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS. This issue affects Import CDN-Remote Images: from n/a through 2.1.2. | |||||
CVE-2025-54020 | | | 2025-07-16 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.3. | |||||
CVE-2024-5712 | 1 Stitionai | 1 Devika | 2025-07-15 | N/A | 8.1 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings, without any CSRF protection implemented. Successful exploitation disrupts the integrity and availability of the application and its data. | |||||
CVE-2025-49462 | | | 2025-07-15 | N/A | 3.5 LOW |
Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access. | |||||
CVE-2024-5616 | 1 Mudler | 1 Localai | 2025-07-15 | N/A | 4.3 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality. | |||||
CVE-2025-7667 | | | 2025-07-15 | N/A | 8.1 HIGH |
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2024-10819 | 1 Binary-husky | 1 Gpt Academic | 2025-07-14 | N/A | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf. |