Total
7511 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25931 | 1 Opennms | 2 Horizon, Meridian | 2025-04-30 | 8.8 High |
| In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at `/opennms/admin/userGroupView/users/updateUser`. This flaw allows assigning `ROLE_ADMIN` security role to a normal user. Using this flaw, an attacker can trick the admin user to assign administrator privileges to a normal user by enticing him to click upon an attacker-controlled website. | ||||
| CVE-2021-25930 | 1 Opennms | 2 Horizon, Meridian | 2025-04-30 | 4.3 Medium |
| In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. As a result, privileges of the renamed user are being overwritten by the old user and the old user is being deleted from the user list. | ||||
| CVE-2022-3632 | 1 Digitialpixies | 1 Oauth Client | 2025-04-30 | 6.5 Medium |
| The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. | ||||
| CVE-2022-35613 | 1 Konker | 1 Konker Platform | 2025-04-30 | 8.8 High |
| Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF). | ||||
| CVE-2022-2449 | 1 Resmush.it | 1 Resmush.it Image Optimizer | 2025-04-30 | 6.5 Medium |
| The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site. | ||||
| CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 6.5 Medium |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | ||||
| CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 8.8 High |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | ||||
| CVE-2024-13146 | 1 Fs-code | 1 Booknetic | 2025-04-30 | 8.8 High |
| The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack | ||||
| CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2025-04-30 | 3.5 Low |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | ||||
| CVE-2024-42768 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management | 2025-04-30 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | ||||
| CVE-2024-45527 | 2 Redcap, Vanderbilt | 2 Redcap, Redcap | 2025-04-30 | 6.1 Medium |
| REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website. | ||||
| CVE-2025-46231 | 1 Servit | 1 Affiliate-toolkit | 2025-04-30 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3. | ||||
| CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2025-04-30 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | ||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 8.8 High |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | ||||
| CVE-2022-3750 | 1 Inkthemes | 1 Ask Me | 2025-04-30 | 4.7 Medium |
| The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. | ||||
| CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2025-04-30 | 6.5 Medium |
| The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | ||||
| CVE-2021-25976 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-30 | 8.1 High |
| In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. | ||||
| CVE-2021-25965 | 1 Janeczku | 1 Calibre-web | 2025-04-30 | 8.8 High |
| In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. | ||||
| CVE-2025-46249 | 1 Migaweb | 1 Simple Calendar For Elementor | 2025-04-30 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4. | ||||
| CVE-2025-46251 | 1 E4jconnect | 1 Vikrestaurants Table Reservations And Take-away | 2025-04-30 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3. | ||||