Total
7877 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22852 | 1 Tiki | 1 Tiki | 2025-04-07 | N/A | 6.5 MEDIUM |
| Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | |||||
| CVE-2022-43719 | 1 Apache | 1 Superset | 2025-04-07 | N/A | 8.8 HIGH |
| Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
| CVE-2024-9311 | 1 Hliu | 1 Large Language And Vision Assistant | 2025-04-07 | N/A | 6.1 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code in the context of the victim's browser by visiting the crafted file URL. This can lead to theft of sensitive information, session hijacking, or other actions compromising the security and privacy of the victim. | |||||
| CVE-2024-2322 | 1 Cartflows | 1 Woocommerce Cart Abandonment Recovery | 2025-04-07 | N/A | 6.8 MEDIUM |
| The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks. | |||||
| CVE-2025-30908 | 2025-04-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free allows Stored XSS. This issue affects Web Directory Free: from n/a through 1.7.6. | |||||
| CVE-2025-32250 | 2025-04-07 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in rollbar Rollbar allows Cross Site Request Forgery. This issue affects Rollbar: from n/a through 2.7.1. | |||||
| CVE-2025-32113 | 2025-04-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows Cross Site Request Forgery. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9. | |||||
| CVE-2025-32248 | 2025-04-07 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SwiftXR SwiftXR (3D/AR/VR) Viewer allows Cross Site Request Forgery. This issue affects SwiftXR (3D/AR/VR) Viewer: from n/a through 1.0.7. | |||||
| CVE-2025-32112 | 2025-04-07 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.1.8. | |||||
| CVE-2025-32261 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1. | |||||
| CVE-2025-32262 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20. | |||||
| CVE-2025-32263 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery. This issue affects Sequential Order Numbers for WooCommerce: from n/a through 3.6.2. | |||||
| CVE-2025-32247 | 2025-04-07 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through 1.2.6. | |||||
| CVE-2025-32265 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.3.9. | |||||
| CVE-2025-32241 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CleverReach® Official CleverReach Plugin for WooCommerce allows Cross Site Request Forgery. This issue affects Official CleverReach Plugin for WooCommerce: from n/a through 3.4.3. | |||||
| CVE-2025-32249 | 2025-04-07 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19. | |||||
| CVE-2025-32264 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0. | |||||
| CVE-2025-32273 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in freetobook Freetobook Responsive Widget allows Cross Site Request Forgery. This issue affects Freetobook Responsive Widget: from n/a through 1.1. | |||||
| CVE-2024-11071 | 2025-04-07 | N/A | 8.8 HIGH | ||
| Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor. | |||||
| CVE-2025-32270 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1. | |||||