Total
8578 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30603 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS. This issue affects CopyLink: from n/a through 1.1. | ||||
| CVE-2025-30529 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sébastien Dumont Auto Load Next Post allows Cross Site Request Forgery. This issue affects Auto Load Next Post: from n/a through 1.5.14. | ||||
| CVE-2025-30587 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS. This issue affects LH OGP Meta: from n/a through 1.73. | ||||
| CVE-2025-30564 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wpwox Custom Script Integration allows Stored XSS. This issue affects Custom Script Integration: from n/a through 2.1. | ||||
| CVE-2025-30615 | 2025-03-27 | 9.6 Critical | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Code Injection. This issue affects WP e-Commerce Style Email: from n/a through 0.6.2. | ||||
| CVE-2025-30541 | 2025-03-27 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Info Boxes Shortcode and Widget allows Cross Site Request Forgery. This issue affects Info Boxes Shortcode and Widget: from n/a through 1.15. | ||||
| CVE-2025-30552 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert WordPress Admin Bar Improved allows Stored XSS. This issue affects WordPress Admin Bar Improved: from n/a through 3.3.5. | ||||
| CVE-2025-30558 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in EnzoCostantini55 ANAC XML Render allows Stored XSS. This issue affects ANAC XML Render: from n/a through 1.5.7. | ||||
| CVE-2025-30560 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu allows Stored XSS. This issue affects jQuery Dropdown Menu: from n/a through 3.0. | ||||
| CVE-2025-30608 | 2025-03-27 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2. | ||||
| CVE-2024-20986 | 1 Oracle | 1 Weblogic Server | 2025-03-27 | 6.1 Medium |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2023-51512 | 1 Woobewoo | 1 Product Table | 2025-03-27 | 4.3 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6. | ||||
| CVE-2023-20856 | 1 Vmware | 1 Vrealize Operations | 2025-03-27 | 8.8 High |
| VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | ||||
| CVE-2023-25015 | 2 Clockwork Web Project, Rubyonrails | 2 Clockwork Web, Rails | 2025-03-26 | 6.5 Medium |
| Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | ||||
| CVE-2023-0642 | 1 Squidex.io | 1 Squidex | 2025-03-26 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. | ||||
| CVE-2024-4382 | 1 Wielebenwir | 1 Commonsbooking | 2025-03-26 | 4.3 Medium |
| The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks | ||||
| CVE-2021-37234 | 1 Modern Honey Network Project | 1 Modern Honey Network | 2025-03-26 | 6.5 Medium |
| Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. | ||||
| CVE-2021-36570 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-03-26 | 8.8 High |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | ||||
| CVE-2021-36569 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-03-26 | 8.8 High |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | ||||
| CVE-2021-36444 | 1 Txjia | 1 Imcat | 2025-03-26 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. | ||||