Total
6529 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32863 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | N/A | 8.8 HIGH |
| Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2024-7360 | 1 Oretnom23 | 1 Tracking Monitoring Management System | 2024-08-09 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273339. | |||||
| CVE-2024-7367 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-09 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273351. | |||||
| CVE-2024-7492 | 2024-08-08 | N/A | 8.8 HIGH | ||
| The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. | |||||
| CVE-2024-7460 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-06 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273553 was assigned to this vulnerability. | |||||
| CVE-2024-7459 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-06 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552. | |||||
| CVE-2024-41811 | 2024-08-06 | N/A | 3.9 LOW | ||
| ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release. | |||||
| CVE-2024-38776 | 2024-08-02 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS).This issue affects WP GoToWebinar: from n/a through 15.7. | |||||
| CVE-2024-3238 | 2024-08-02 | N/A | 8.8 HIGH | ||
| The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajax_handle_delete_icons() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please not the CSRF was patched in 5.0.28, however, adequate directory traversal protection wasn't introduced until 5.0.30. | |||||