Total
7274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46516 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS. This issue affects Twitter Card Generator: from n/a through 1.0.5. | |||||
| CVE-2025-46507 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4. | |||||
| CVE-2025-46513 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324. | |||||
| CVE-2025-46506 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin allows Reflected XSS. This issue affects WpZon – Amazon Affiliate Plugin: from n/a through 1.3. | |||||
| CVE-2025-46514 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1. | |||||
| CVE-2025-46465 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer allows Stored XSS. This issue affects Print Science Designer: from n/a through 1.3.155. | |||||
| CVE-2025-46498 | 2025-04-29 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0. | |||||
| CVE-2025-3635 | 2025-04-29 | N/A | 3.5 LOW | ||
| A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks. | |||||
| CVE-2025-46522 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3. | |||||
| CVE-2025-46512 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows Stored XSS. This issue affects Custom Functions Plugin: from n/a through 1.1. | |||||
| CVE-2025-46466 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls allows Stored XSS. This issue affects Modern Polls: from n/a through 1.0.10. | |||||
| CVE-2025-46492 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog allows Stored XSS. This issue affects Call Now PHT Blog: from n/a through 2.4.1. | |||||
| CVE-2025-46435 | 2025-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2. | |||||
| CVE-2025-3997 | 2025-04-29 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3964 | 2025-04-29 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in withstars Books-Management-System 1.0. Affected is an unknown function of the file /api/article/del of the component Article Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3959 | 2025-04-29 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in withstars Books-Management-System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /reader_delete.html. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3979 | 2025-04-29 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-46085 | 1 Frogcms Project | 1 Frogcms | 2025-04-28 | N/A | 8.8 HIGH |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename | |||||
| CVE-2024-46362 | 1 Frogcms Project | 1 Frogcms | 2025-04-28 | N/A | 8.8 HIGH |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory | |||||
| CVE-2024-27717 | 1 Eskooly | 1 Eskooly | 2025-04-28 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. | |||||