CVE-2024-20421
The CVE-2024-20421 entry describes a CSRF vulnerability in the Cisco ATA 190 Series Analog Telephone Adapter firmware web-based management interface. Affected component: the web UI; root cause: insufficient CSRF protections. Impact: an unauthenticated, remote attacker could induce a user to click...
CVE-2024-45737
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a...
CVE-2024-47828 Cross-Site Request Forgery in ampache
ampache is a web-based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist, etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they a...
CVE-2024-20414
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration...
CVE-2024-20414
CVE-2024-20414 affects Cisco IOS Software and Cisco IOS XE Software Web UI. The issue is a CSRF flaw caused by accepting configuration changes via HTTP GET, allowing a remote attacker to trick an authenticated administrator into changing device config. Exploitation could change settings without a...
CVE-2024-20437
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for...
CVE-2024-20437
CVE-2024-20437 describes a CSRF vulnerability in Cisco IOS XE Software web UI that could let an unauthenticated, remote attacker coax an already authenticated user into following a crafted link and perform arbitrary actions on the device with the user’s privileges. The issue stems from insufficie...
CVE-2024-7892
The adstxt Plugin WordPress plugin through 1.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-7892
The CVE-2024-7892 entry concerns the adstxt Plugin for WordPress (version
ROS-20240918-04
A vulnerability in the Webmin hosting control panel is related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the ajaxterm module of the Webmin hosti...
CVE-2024-8093
The Posts reminder WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-8044
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-8047
The Visual Sound (old) WordPress plugin through 1.06 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-8093
The CVE-2024-8093 entry concerns the WordPress plugin “Posts reminder” (versions
CVE-2024-8093 Posts reminder <= 0.20 - Settings Update via CSRF
The Posts reminder WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-8047
The Visual Sound (old) WordPress plugin, v1.06 and earlier, is disclosed as lacking CSRF protection when updating settings. This enables an attacker to make CSRF-based changes through a logged-in admin's session. The exact patch version is not provided in the supplied documents; remediation is to upgrade t...
CVE-2024-7817
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged-in users delete arbitrary albums via a CSRF attack...
CVE-2024-7861
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-3163
The Easy Property Listings WordPress plugin before 3.5.4 does not have a CSRF check when deleting contacts in bulk, which could allow attackers to make a logged-in admin delete them via a CSRF attack...