ReportizFlow
Filtered by vendor
Subscriptions
Total
8050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54172 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 4.3 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-57892 | 2 Jeff Starr, Wordpress | 2 Simple Statistics For Feeds, Wordpress | 2025-08-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr Simple Statistics for Feeds allows Cross Site Request Forgery. This issue affects Simple Statistics for Feeds: from n/a through 20250322. | ||||
| CVE-2025-55744 | 2 Unopim, Webkul | 2 Unopim, Unopim | 2025-08-23 | 4.3 Medium |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1. | ||||
| CVE-2025-57885 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support allows Cross Site Request Forgery. This issue affects Fluent Support: from n/a through 1.9.1. | ||||
| CVE-2025-57895 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.3. | ||||
| CVE-2025-57893 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.79.270. | ||||
| CVE-2025-8592 | 2 Wordpress, Wpzoom | 2 Wordpress, Inspiro | 2025-08-22 | 8.1 High |
| The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiro_install_plugin() function. This makes it possible for unauthenticated attackers to install plugins from the repository via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-50902 | 2025-08-22 | 8.8 High | ||
| Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1.0.0 allows attackers to gain sensitive information via crafted HTTP Post message. | ||||
| CVE-2025-43748 | 1 Liferay | 2 Dxp, Portal | 2025-08-22 | N/A |
| Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery | ||||
| CVE-2025-27402 | 1 Enalean | 1 Tuleap | 2025-08-22 | 4.6 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740414959 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. | ||||
| CVE-2025-53095 | 1 Lizardbyte | 1 Sunshine | 2025-08-22 | 9.7 Critical |
| Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can trigger unintended actions within the Sunshine application on behalf of that user. Specifically, since the application does OS command execution by design, this issue can be exploited to abuse the "Command Preparations" feature, enabling an attacker to inject arbitrary commands that will be executed with Administrator privileges when an application is launched. This issue has been patched in version 2025.628.4510. | ||||
| CVE-2024-26273 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2025-08-22 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter. | ||||
| CVE-2025-29766 | 1 Enalean | 1 Tuleap | 2025-08-22 | 4.6 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. The vulnerability is fixed in Tuleap Community Edition 16.5.99.1741784483 and Tuleap Enterprise Edition 16.5-3 and 16.4-8. | ||||
| CVE-2025-29929 | 1 Enalean | 1 Tuleap | 2025-08-22 | 4.6 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742306712 and Tuleap Enterprise Edition 16.5-5 and 16.4-8. | ||||
| CVE-2025-50179 | 1 Enalean | 1 Tuleap | 2025-08-21 | 4.6 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1749830289 and Tuleap Enterprise Edition 16.9-1 contain a patch for the issue. | ||||
| CVE-2025-48991 | 1 Enalean | 1 Tuleap | 2025-08-21 | 4.6 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1748845907, Tuleap Enterprise Edition 16.8-3, and Tuleap Enterprise Edition 16.7-5 contain a fix for the vulnerability. | ||||
| CVE-2024-2911 | 1 Publiccms | 1 Publiccms | 2025-08-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-43745 | 1 Liferay | 2 Dxp, Portal | 2025-08-21 | N/A |
| A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to performs cross-origin request on behalf of the authenticated user via the endpoint parameter. | ||||
| CVE-2025-49391 | 2 Fetchdesigns, Wordpress | 2 Sign-up Sheets, Wordpress | 2025-08-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets allows Cross Site Request Forgery. This issue affects Sign-up Sheets: from n/a through 2.3.3. | ||||
| CVE-2025-49426 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Dourou Cookie Warning allows Cross Site Request Forgery. This issue affects Cookie Warning: from n/a through 1.3. | ||||