Total: 7274 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40455 | 1 Thinksaas | 1 Thinksaas | 2025-04-28 | N/A | 2.7 LOW |
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. | |||||
CVE-2024-40488 | 1 Lopalopa | 1 Live Membership System | 2025-04-28 | N/A | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. | |||||
CVE-2023-51533 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2025-04-28 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4. | |||||
CVE-2020-23588 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 4.3 MEDIUM |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through "/rmtacc.asp". | |||||
CVE-2020-23587 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 3.1 LOW |
A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to perform a man-in-the-middle attack by adding New Routes in RoutingConfiguration on "/routing.asp". | |||||
CVE-2020-23586 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 4.3 MEDIUM |
A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule. | |||||
CVE-2020-23585 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 8.8 HIGH |
A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for "mgm_config_file.asp", because of which an attacker can create a crafted "csrf form" which sends "malicious xml data" to "/boaform/admin/formMgmConfigUpload". The exploit allows an attacker to "gain full privileges" and to "fully compromise of router & network". | |||||
CVE-2022-45149 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | N/A | 5.4 MEDIUM |
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. | |||||
CVE-2022-23044 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2025-04-25 | N/A | 8.8 HIGH |
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF. | |||||
CVE-2022-44937 | 1 Bosscms | 1 Bosscms | 2025-04-25 | N/A | 6.5 MEDIUM |
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | |||||
CVE-2024-49672 | 1 Gief | 1 Google Docs Rsvp | 2025-04-25 | N/A | 7.1 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS. This issue affects Google Docs RSVP: from n/a through 2.0.1. | |||||
CVE-2022-40489 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-24 | N/A | 8.8 HIGH |
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. | |||||
CVE-2022-45674 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-24 | N/A | 6.5 MEDIUM |
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
CVE-2022-45673 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-24 | N/A | 6.5 MEDIUM |
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | |||||
CVE-2022-45668 | 1 Tenda | 2 I22, I22 Firmware | 2025-04-24 | N/A | 6.5 MEDIUM |
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
CVE-2022-43470 | 1 Fsi | 8 Fs020w, Fs020w Firmware, Fs030w and 5 more | 2025-04-24 | N/A | 7.3 HIGH |
Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator, so that operations unintended by the user, such as rebooting the product and/or resetting the configuration to the initial set-up, may be performed. | |||||
CVE-2020-11919 | 1 Svakom | 2 Svakom Siime Eye, Svakom Siime Eye Firmware | 2025-04-24 | N/A | 8.0 HIGH |
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection. | |||||
CVE-2024-56116 | 1 Amiro | 1 Amiro.cms | 2025-04-23 | N/A | 8.8 HIGH |
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account. | |||||
CVE-2024-25905 | 1 Mondula | 1 Multi Step Form | 2025-04-23 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form. This issue affects Multi Step Form: from n/a through 1.7.18. | |||||
CVE-2025-28101 | 1 Dogukanurker | 1 Flaskblog | 2025-04-23 | N/A | 6.5 MEDIUM |
An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. |