Total
8578 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45902 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. | ||||
| CVE-2023-48063 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 4.3 Medium |
| An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. | ||||
| CVE-2023-45905 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. | ||||
| CVE-2023-48017 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 8.8 High |
| Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. | ||||
| CVE-2024-8736 | 1 Lollms | 1 Lollms Web Ui | 2025-04-04 | 6.5 Medium |
| A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints. | ||||
| CVE-2023-0398 | 1 Modoboa | 1 Modoboa | 2025-04-03 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2023-0406 | 1 Modoboa | 1 Modoboa | 2025-04-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2023-0438 | 1 Modoboa | 1 Modoboa | 2025-04-03 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||||
| CVE-2024-12955 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-04-03 | 4.3 Medium |
| A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25873 | 1 Openpanel | 1 Openadmin | 2025-04-03 | 5.5 Medium |
| Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function | ||||
| CVE-2024-1489 | 1 Cozyvision | 1 Sms Alert Order Notifications | 2025-04-03 | 4.3 Medium |
| The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-1642 | 1 Mainwp | 1 Mainwp Dashboard | 2025-04-03 | 4.3 Medium |
| The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 6.5 Medium |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | ||||
| CVE-2004-1703 | 1 Fusionphp | 1 Fusion News | 2025-04-03 | 8.8 High |
| Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag. | ||||
| CVE-2005-3348 | 1 Phpsysinfo | 1 Phpsysinfo | 2025-04-03 | N/A |
| HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter. | ||||
| CVE-2004-1967 | 1 Openbb | 1 Openbb | 2025-04-03 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. | ||||
| CVE-2004-1995 | 1 Fusetalk | 1 Fusetalk | 2025-04-03 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. | ||||
| CVE-2005-1674 | 1 Helpcenterlive | 1 Help Center Live | 2025-04-03 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php. | ||||
| CVE-2005-1947 | 1 Invisioncommunity | 1 Gallery | 2025-04-03 | 4.3 Medium |
| Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. | ||||
| CVE-2002-2426 | 1 Citrix | 3 Access Essentials, Metaframe Presentation Server, Presentation Server | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. | ||||