Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7347 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-42577 1 Siamonhasan 1 Warehouse Inventory System 2024-08-21 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42580 1 Siamonhasan 1 Warehouse Inventory System 2024-08-21 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42581 1 Siamonhasan 1 Warehouse Inventory System 2024-08-21 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42582 1 Siamonhasan 1 Warehouse Inventory System 2024-08-21 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42583 1 Siamonhasan 1 Warehouse Inventory System 2024-08-21 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42603 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall
CVE-2024-42605 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
CVE-2024-42606 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1
CVE-2024-42607 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
CVE-2024-42609 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
CVE-2024-42610 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files
CVE-2024-42611 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete
CVE-2024-42613 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet
CVE-2024-42617 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
CVE-2024-42618 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
CVE-2024-42621 1 Pligg 1 Pligg Cms 2024-08-21 N/A 8.8 HIGH
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
CVE-2024-42555 2024-08-20 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42553 2024-08-20 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-7850 2024-08-20 N/A 6.1 MEDIUM
The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), bps_ajax_template_options(), and bps_ajax_field_row() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-7645 1 Oretnom23 1 Clinic\'s Patient Management System 2024-08-19 5.0 MEDIUM 5.4 MEDIUM
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file users.php of the component User Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.