Total
8000 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52711 | 2025-07-02 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8. | |||||
| CVE-2025-50369 | 1 Anujk305 | 1 Medical Card Generation System | 2025-07-01 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request. | |||||
| CVE-2025-50370 | 1 Anujk305 | 1 Medical Card Generation System | 2025-07-01 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request. | |||||
| CVE-2025-6864 | 1 Seacms | 1 Seacms | 2025-07-01 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6865 | 1 Daicuo | 1 Daicuo | 2025-07-01 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-1522 | 1 Parisneo | 1 Lollms-webui | 2025-06-30 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. | |||||
| CVE-2025-53272 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2. | |||||
| CVE-2025-53313 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0. | |||||
| CVE-2025-53327 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6. | |||||
| CVE-2025-53310 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost allows Reflected XSS. This issue affects HidePost: from n/a through 2.3.8. | |||||
| CVE-2025-53268 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through 1.5.12. | |||||
| CVE-2025-53197 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot allows Cross Site Request Forgery. This issue affects Cookiebot: from n/a through 4.5.8. | |||||
| CVE-2025-53271 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce allows Stored XSS. This issue affects Additional Order Filters for WooCommerce: from n/a through 1.22. | |||||
| CVE-2025-53264 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Konrád Koller ONet Regenerate Thumbnails allows Cross Site Request Forgery. This issue affects ONet Regenerate Thumbnails: from n/a through 1.5. | |||||
| CVE-2025-53193 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics allows Cross Site Request Forgery. This issue affects Burst Statistics: from n/a through 2.0.6. | |||||
| CVE-2025-53311 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe allows Stored XSS. This issue affects Navayan Subscribe: from n/a through 1.13. | |||||
| CVE-2025-53270 | 2025-06-30 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through 1.6.9. | |||||
| CVE-2025-53317 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere Lite allows Stored XSS. This issue affects WPShapere Lite: from n/a through 1.4. | |||||
| CVE-2025-53315 | 2025-06-30 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1. | |||||
| CVE-2025-53263 | 2025-06-30 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms allows Cross Site Request Forgery. This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through 1.3.4. | |||||