Export limit exceeded: 11910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9915 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24749 | 1 Kaizencoders | 1 Url Shortify | 2026-01-30 | 4.3 Medium |
| The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. | ||||
| CVE-2025-5885 | 1 Konicaminolta | 1 Bizhub | 2026-01-30 | 4.3 Medium |
| A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25748 | 1 Digitaldruid | 1 Hoteldruid | 2026-01-29 | 7.3 High |
| A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token. | ||||
| CVE-2025-59843 | 2 Flagforge, Flagforgectf | 2 Flagforge, Flagforge | 2026-01-29 | 5.3 Medium |
| Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public API responses while keeping the endpoint publicly accessible. Users should upgrade to version 2.3.2 or later to eliminate exposure. There are no workarounds for this vulnerability. | ||||
| CVE-2025-36411 | 1 Ibm | 1 Applinx | 2026-01-26 | 3.5 Low |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-39203 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | 6.5 Medium |
| A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop. | ||||
| CVE-2018-25149 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-01-26 | 6.5 Medium |
| Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page. | ||||
| CVE-2022-47424 | 1 Reputeinfosystems | 1 Armember | 2026-01-26 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1. | ||||
| CVE-2024-33680 | 1 Mainwp | 1 Mainwp Child Reports | 2026-01-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. | ||||
| CVE-2024-31272 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2026-01-23 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | ||||
| CVE-2024-9450 | 1 Syntacticsinc | 1 Easync | 2026-01-23 | 6.5 Medium |
| The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack | ||||
| CVE-2021-24767 | 1 Wpvibes | 1 Redirect 404 Error Page To Homepage Or Custom Page With Logs | 2026-01-23 | 6.5 Medium |
| The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack | ||||
| CVE-2024-8047 | 2 Freakingwildchild, Visual Sound | 2 Visual Sound, Visual Sound | 2026-01-23 | 5.7 Medium |
| The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-7859 | 2 Freakingwildchild, Visual Sound | 2 Visual Sound, Visual Sound | 2026-01-23 | 6.5 Medium |
| The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2023-28749 | 1 Cminds | 1 Cm Search And Replace | 2026-01-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | ||||
| CVE-2025-58576 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-01-23 | N/A |
| Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed. | ||||
| CVE-2024-32107 | 1 Xlplugins | 1 Finale | 2026-01-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. | ||||
| CVE-2024-32104 | 1 Xlplugins | 1 Nextmove | 2026-01-22 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.18.1. | ||||
| CVE-2021-41074 | 1 Webkul | 1 Qloapps | 2026-01-22 | 5.4 Medium |
| A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document. | ||||
| CVE-2025-31963 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-22 | 2.9 Low |
| Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests. | ||||