CVE-2024-20347
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An...
CVE-2024-20281
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF...
CVE-2024-20347
Cisco Emergency Responder is affected by a cross-site request forgery (CSRF) vulnerability in the web UI that, together with insufficient protections, could allow an unauthenticated or user-privileged actor to perform arbitrary actions on the device when a user visits a crafted link. The root cau...
CVE-2024-20368
CVE-2024-20368 affects Cisco Identity Services Engine (ISE) web-based management interface. The issue is insufficient CSRF protections, enabling an unauthenticated, remote attacker to induce a user to click a crafted link and perform arbitrary actions on the device with the targeted user’s privil...
CVE-2024-20368
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...
CVE-2024-2262
CVE-2024-2262 affects the Themify WordPress plugin prior to version 1.4.4, where the bulk action feature lacks CSRF protection. This enables an attacker to trigger actions that cause logged-in users to delete arbitrary filters by crafting a CSRF request, given knowledge of the related filter slug...
CVE-2024-2262 WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF
Themify WordPress plugin before 1.4.4 does not have a CSRF check in its bulk action, which could allow attackers to make logged-in users delete arbitrary filters via a CSRF attack, granted they know the related filter slugs...
CP Media Player < 1.2.0 - Player Deletion and Duplication via CSRF
Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the adminpage function. This makes it possible for unauthenticated attackers to delete or duplicate existing audio or video players via a forged request granted they can trick a site...
CVE-2024-1962
CVE-2024-1962 affects the CM Download Manager plugin for WordPress. The Red Hat entry and the initial description confirm that prior to version 2.9.1, the plugin lacks CSRF checks in certain areas, enabling a CSRF attack to cause logged-in admins to edit downloads. The description does not provid...
CVE-2024-1232 CM Download Manager < 2.9.0 - Download Deletion via CSRF
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged-in admins delete downloads via a CSRF attack...
CVE-2024-1231 CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged-in admins unpublish downloads via a CSRF attack...
Security Bulletin: IBM Integration Bus for z/OS Admin WebUI is vulnerable to a CSRF attack (CVE-2024-27265)
Summary: IBM Integration Bus for z/OS Admin WebUI is vulnerable to a CSRF attack which could lead to arbitrary code execution. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-27265. DESCRIPTION: IBM Integration Bus for z/OS is vulnerable...
BIT-MEDIAWIKI-2020-29004
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...
BIT-WORDPRESS-2020-28040
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image...
BIT-ROUNDCUBE-2020-12626
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered...