Total: 8462 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59891 | | | 2026-01-29 | N/A | N/A |
| Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to change a user's password or create users via '/setup_login?sid=', affecting the 'username', 'password', and 'cpassword' parameters. | |||||
| CVE-2025-59892 | | | 2026-01-29 | N/A | N/A |
| Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to delete commands individually via '/delete_command?sid=', using the 'cid' parameter. | |||||
| CVE-2025-14795 | | | 2026-01-29 | N/A | 4.3 MEDIUM |
| The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss_addtoallowlist class. This makes it possible for unauthenticated attackers to add arbitrary email addresses to the spam allowlist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The vulnerability was partially patched in version 2026.1. | |||||
| CVE-2025-64368 | 1 Qodeinteractive | 1 Bard | 2026-01-29 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery. This issue affects Bard: from n/a through <= 1.6. | |||||
| CVE-2025-67626 | | | 2026-01-29 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery. This issue affects WP SEO Search: from n/a through <= 1.1. | |||||
| CVE-2026-24432 | 1 Tenda | 2 W30e, W30e Firmware | 2026-01-28 | N/A | 4.3 MEDIUM |
| Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered by an authenticated user’s browser, modify administrative passwords and other configuration settings. | |||||
| CVE-2026-23622 | 1 Easyappointments | 1 Easy!appointments | 2026-01-28 | N/A | 8.8 HIGH |
| Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET (or $_REQUEST), so an attacker can perform CSRF by forcing a victim's browser to issue a crafted GET request. Impact: creation of admin accounts, modification of admin email/password, and full admin account takeover. | |||||
| CVE-2026-24549 | | | 2026-01-28 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory allows Cross Site Request Forgery. This issue affects GeoDirectory: from n/a before 2.8.150. | |||||
| CVE-2026-22483 | | | 2026-01-27 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery. This issue affects teachPress: from n/a through <= 9.0.12. | |||||
| CVE-2026-22462 | | | 2026-01-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery. This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5. | |||||
| CVE-2026-22360 | | | 2026-01-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery. This issue affects SearchAzon: from n/a through <= 1.4. | |||||
| CVE-2026-22355 | | | 2026-01-27 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS. This issue affects Simple XML Sitemap: from n/a through <= 1.3. | |||||
| CVE-2026-24542 | | | 2026-01-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery. This issue affects WP Term Order: from n/a through <= 2.1.0. | |||||
| CVE-2026-24521 | | | 2026-01-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery. This issue affects Kama Thumbnail: from n/a through <= 3.5.1. | |||||
| CVE-2026-22382 | | | 2026-01-27 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery. This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3. | |||||
| CVE-2026-1142 | 1 Phpgurukul | 1 News Portal | 2026-01-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-24408 | | | 2026-01-27 | N/A | N/A |
| sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state" and sends it as a parameter in the authentication request but the "state" in the server response seems not to be cross-checked with this value. Version 4.2.0 contains a patch for the issue. | |||||
| CVE-2025-31413 | | | 2026-01-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery. This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13. | |||||
| CVE-2025-36411 | 1 Ibm | 1 Applinx | 2026-01-26 | N/A | 3.5 LOW |
| IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2021-47754 | 1 Arunna | 1 Arunna | 2026-01-26 | N/A | 6.5 MEDIUM |
| Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form. | |||||
