Export limit exceeded: 10597 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9967 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3940 | 1 Bozdoz | 1 Recaptcha Jetpack | 2025-05-05 | 8.8 High |
| The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-3941 | 1 Bozdoz | 1 Recaptcha Jetpack | 2025-05-05 | 4.7 Medium |
| The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2021-34645 | 1 Wpeasycart | 1 Shopping Cart \& Ecommerce Store | 2025-05-05 | 8.8 High |
| The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0. | ||||
| CVE-2022-42751 | 1 Auieo | 1 Candidats | 2025-05-05 | 8.8 High |
| CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. | ||||
| CVE-2022-30608 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-05 | 8.8 High |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295. | ||||
| CVE-2021-46920 | 1 Linux | 1 Linux Kernel | 2025-05-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback Current code blindly writes over the SWERR and the OVERFLOW bits. Write back the bits actually read instead so the driver avoids clobbering the OVERFLOW bit that comes after the register is read. | ||||
| CVE-2024-21336 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 2.5 Low |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-21387 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 5.3 Medium |
| Microsoft Edge for Android Spoofing Vulnerability | ||||
| CVE-2024-26192 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 8.2 High |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2024-26188 | 1 Microsoft | 1 Edge | 2025-05-03 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-21381 | 1 Microsoft | 1 Azure Active Directory | 2025-05-03 | 6.8 Medium |
| Microsoft Azure Active Directory B2C Spoofing Vulnerability | ||||
| CVE-2024-29057 | 1 Microsoft | 1 Edge | 2025-05-03 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-29986 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2025-05-03 | 5.4 Medium |
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2024-29987 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2024-30056 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 7.1 High |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2022-41413 | 1 Perfsonar | 1 Perfsonar | 2025-05-02 | 4.3 Medium |
| perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | ||||
| CVE-2022-38660 | 1 Hcltech | 1 Domino | 2025-05-02 | 8.3 High |
| HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | ||||
| CVE-2024-5033 | 1 Toolstack | 1 Sully | 2025-05-02 | 5.9 Medium |
| The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-5034 | 1 Toolstack | 1 Sully | 2025-05-02 | 8.8 High |
| The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2006-5175 | 1 Buffalo-technology | 1 Terastation Hd-htgl Firmware | 2025-05-02 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. | ||||