Total
7924 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20120 | 1 Trueconf | 1 Server | 2025-04-15 | 4.3 Medium |
| A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3121 | 1 Online Employee Leave Management System Project | 1 Online Employee Leave Management System | 2025-04-15 | 4.3 Medium |
| A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability. | ||||
| CVE-2022-2846 | 1 Dwbooster | 1 Calendar Event Multi View | 2025-04-15 | 4.3 Medium |
| The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it. | ||||
| CVE-2022-3978 | 1 Nodebb | 1 Nodebb | 2025-04-15 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555. | ||||
| CVE-2022-4013 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2025-04-15 | 4.3 Medium |
| A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. | ||||
| CVE-2022-4090 | 1 Stock Management System Project | 1 Stock Management System | 2025-04-15 | 4.3 Medium |
| A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. | ||||
| CVE-2022-46853 | 1 Radiustheme | 1 The Post Grid | 2025-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions. | ||||
| CVE-2022-4349 | 1 Pwn Project | 1 Pwn | 2025-04-15 | 4.3 Medium |
| A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability. | ||||
| CVE-2022-4397 | 1 Zend-blog-2 Project | 1 Zend-blog-2 | 2025-04-15 | 4.3 Medium |
| A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4564 | 1 Ucf | 1 Materia | 2025-04-15 | 4.3 Medium |
| A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. | ||||
| CVE-2020-36622 | 1 Bienlein Project | 1 Bienlein | 2025-04-15 | 4.3 Medium |
| A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability. | ||||
| CVE-2020-36623 | 1 Pengu Project | 1 Pengu | 2025-04-15 | 4.3 Medium |
| A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475. | ||||
| CVE-2024-11071 | 2025-04-15 | 8.8 High | ||
| Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor. | ||||
| CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2025-04-14 | 4.3 Medium |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them | ||||
| CVE-2024-54357 | 1 Theme-fusion | 1 Avada | 2025-04-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10. | ||||
| CVE-2021-4268 | 1 Phpredisadmin Project | 1 Phpredisadmin | 2025-04-14 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.18.0 is able to address this issue. The name of the patch is b9039adbb264c81333328faa9575ecf8e0d2be94. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216471. | ||||
| CVE-2021-4275 | 1 Pyambic-pentameter Project | 1 Pyambic-pentameter | 2025-04-14 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability. | ||||
| CVE-2020-28191 | 1 Togglz | 1 Togglz | 2025-04-14 | 8.8 High |
| The console in Togglz before 2.9.4 allows CSRF. | ||||
| CVE-2024-2429 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-14 | 4.3 Medium |
| The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2025-31859 | 2025-04-14 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6. | ||||