Total
8578 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25932 | 1 Youngtechleads | 1 Change Table Prefix | 2025-04-01 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix.This issue affects Change Table Prefix: from n/a through 2.0. | ||||
| CVE-2024-28678 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.3 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php | ||||
| CVE-2024-28681 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php. | ||||
| CVE-2024-28682 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.3 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php. | ||||
| CVE-2024-28430 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php. | ||||
| CVE-2024-28431 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 8.8 High |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php. | ||||
| CVE-2024-28432 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 8.8 High |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php. | ||||
| CVE-2024-28665 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 8.8 High |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php | ||||
| CVE-2024-28666 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 5.5 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php | ||||
| CVE-2024-28667 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php | ||||
| CVE-2024-28675 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 8.8 High |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php | ||||
| CVE-2024-28684 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 8.8 High |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php | ||||
| CVE-2024-28669 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 5.4 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php. | ||||
| CVE-2024-28670 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php. | ||||
| CVE-2024-28672 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 5.4 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php. | ||||
| CVE-2024-28673 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 8.8 High |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php. | ||||
| CVE-2024-28677 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php. | ||||
| CVE-2024-28429 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 5.5 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php | ||||
| CVE-2023-52047 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 8.8 High |
| Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager. | ||||
| CVE-2024-6628 | 1 Theinnovs | 1 Eleforms | 2025-03-31 | 4.3 Medium |
| The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for unauthenticated attackers to delete form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||