ReportizFlow
Filtered by vendor
Subscriptions
Total
8349 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24524 | 1 Flusity | 1 Flusity | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | ||||
| CVE-2024-24469 | 1 Flusity | 1 Flusity | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | ||||
| CVE-2024-23831 | 1 Ledgersmb | 1 Ledgersmb | 2024-11-21 | 7.5 High |
| LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9. | ||||
| CVE-2024-23785 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2024-11-21 | 6.1 Medium |
| Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | ||||
| CVE-2024-23736 | 2024-11-21 | 8.8 High | ||
| Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | ||||
| CVE-2024-23597 | 2024-11-21 | 4.3 Medium | ||
| Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a. | ||||
| CVE-2024-23554 | 2024-11-21 | 5.7 Medium | ||
| Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). | ||||
| CVE-2024-23515 | 2024-11-21 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159. | ||||
| CVE-2024-23319 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 Low |
| Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. | ||||
| CVE-2024-22603 | 1 Flycms Project | 1 Flycms | 2024-11-21 | 8.8 High |
| FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link | ||||
| CVE-2024-22593 | 1 Flycms Project | 1 Flycms | 2024-11-21 | 8.8 High |
| FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save | ||||
| CVE-2024-22475 | 2024-11-21 | 6.1 Medium | ||
| Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2024-22438 | 2024-11-21 | 3.5 Low | ||
| A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. The vulnerability could be remotely exploited to allow execution of malicious code. | ||||
| CVE-2024-22287 | 1 Ludek | 1 Better Anchor Links | 2024-11-21 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through 1.7.5. | ||||
| CVE-2024-22140 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | ||||
| CVE-2024-20718 | 1 Adobe | 1 Commerce | 2024-11-21 | 4.3 Medium |
| Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website. | ||||
| CVE-2024-20254 | 1 Cisco | 1 Expressway | 2024-11-21 | 9.6 Critical |
| Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. | ||||
| CVE-2024-20252 | 1 Cisco | 1 Expressway | 2024-11-21 | 9.6 Critical |
| Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. | ||||
| CVE-2024-1845 | 1 E4jconnect | 1 Vikrentcar | 2024-11-21 | 8.8 High |
| The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-1162 | 1 Themeisle | 1 Orbit Fox | 2024-11-21 | 4.3 Medium |
| The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||