ReportizFlow
Filtered by vendor
Subscriptions
Total
8332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4839 | 1 Lollms | 1 Lollms-webui | 2025-07-07 | 3.3 Low |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent. | ||||
| CVE-2025-5932 | 2 Coolrunner, Wordpress | 3 Homerunner, Homerunner Plugin, Wordpress | 2025-07-07 | 4.3 Medium |
| The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-53311 | 2 Amol Nirmala Waman, Wordpress | 2 Navayan Subscribe Plugin, Wordpress | 2025-07-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe allows Stored XSS. This issue affects Navayan Subscribe: from n/a through 1.13. | ||||
| CVE-2025-6865 | 1 Daicuo | 1 Daicuo | 2025-07-07 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-53315 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2025-07-07 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1. | ||||
| CVE-2025-6864 | 1 Seacms | 1 Seacms | 2025-07-07 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-30154 | 1 Hcltech | 1 Hcl Sx | 2025-07-03 | 5.3 Medium |
| HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-34050 | 2025-07-03 | N/A | ||
| A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction. | ||||
| CVE-2025-27454 | 2025-07-03 | 4.3 Medium | ||
| The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request. | ||||
| CVE-2025-52463 | 2025-07-03 | N/A | ||
| Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a specially crafted URL while being logged in. | ||||
| CVE-2025-52841 | 2025-07-03 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0. | ||||
| CVE-2025-52711 | 1 Boldgrid | 1 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor | 2025-07-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8. | ||||
| CVE-2025-24717 | 1 Wow-company | 1 Modal Window | 2025-07-03 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4. | ||||
| CVE-2025-49291 | 1 Codepeople | 1 Calculated Fields Form | 2025-07-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58. | ||||
| CVE-2025-1074 | 1 Webkul | 1 Qloapps | 2025-07-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it. | ||||
| CVE-2024-13203 | 1 Kurniaramadhan | 1 E-commerce-php | 2025-07-02 | 4.3 Medium |
| A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-31369 | 1 Pencidesign | 1 Soledad | 2025-07-02 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | ||||
| CVE-2025-50369 | 1 Anujk305 | 1 Medical Card Generation System | 2025-07-01 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request. | ||||
| CVE-2025-53203 | 2025-06-30 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder allows Cross Site Request Forgery. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.148. | ||||
| CVE-2025-53312 | 2025-06-30 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz allows Stored XSS. This issue affects OnionBuzz: from n/a through 1.0.7. | ||||