
386 matches found

Cvelist
added 2024/07/09 12:0 a.m. | 12 views

CVE-2024-40034

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLeveldeal.php?mudi=del...

0.00417 EPSS
Exploits: 1 | References: 1
CNNVD
added 2024/07/05 12:0 a.m. | 3 views

Certifi Data Forgery Issue Vulnerability

Certifi is a Python SSL certificate from the Certifi open source. A data forgery vulnerability exists in versions of Certifi prior to 2024.07.04, which stems from a compliance issue that recognizes root certificates from GLOBALTRUST...

7.5 CVSS | 7 AI score | 0.25805 EPSS
Exploits: 0 | References: 6
CVE
added 2024/06/27 12:0 a.m. | 44 views

CVE-2024-39158

CVE-2024-39158 affects idccms v1.35 with a Cross-Site Request Forgery (CSRF) in the endpoint "/admin/userSys_deal.php?mudi=infoSet". The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low access complexity, requiring user interaction, and impacts to confidentiality, integrity, and ...

8.8 CVSS | 7.6 AI score | 0.00152 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/05/22 2:15 p.m. | 8 views

CVE-2024-35552

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMovedeal.php?mudi=del&dataType=logo&dataTypeCN...

8.8 CVSS | 7.1 AI score | 0.00242 EPSS
Exploits: 1 | References: 1
Cvelist
added 2024/05/22 1:38 p.m. | 17 views

CVE-2024-35555

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/shareswitch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40...

7.1 AI score | 0.00135 EPSS
Exploits: 1 | References: 1
Github Security Blog
added 2024/05/10 3:29 p.m. | 85 views

lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

Summary: The latest version of lobe-chat (by now v0.141.2) has an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details: visit https://chat-preview.lobehub.com/settings/agent you...

9 CVSS | 6.9 AI score | 0.69363 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Cvelist
added 2024/04/30 12:0 a.m. | 17 views

CVE-2024-33832

OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=getlinkinfo...

7.2 AI score | 0.03161 EPSS
Exploits: 0 | References: 1
Patchstack
added 2024/04/26 12:9 p.m. | 3 views

WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Radio Station (versions <= 2.5.7)...

4.3 CVSS | 7 AI score | 0.002 EPSS
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2024/04/15 10:21 a.m. | 10 views

CVE-2024-31379 WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed. This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1...

4.3 CVSS | 5.1 AI score | 0.00162 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2024/03/04 12:0 a.m. | 20 views

openSUSE: Security Advisory for xmltooling (SUSE-SU-2023:3089-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.5 AI score | 0.52412 EPSS
Exploits: 3 | References: 2
OSV
added 2024/02/28 10:15 a.m. | 3 views

CVE-2024-1719

The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...

4.3 CVSS | 5.7 AI score | 0.00146 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/02/22 12:0 a.m. | 12 views

CVE-2024-26349

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/deletetranslation.php...

7.5 AI score | 0.0005 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2024/02/19 12:0 a.m. | 24 views

Amazon Linux 2 : ipa (ALAS-2024-2457)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2457 advisory. A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform...

6.5 CVSS | 6.7 AI score | 0.00304 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2024/02/05 8:19 p.m. | 40 views

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.11.1 security update

An update is now available for Red Hat OpenShift GitOps v1.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

8.3 CVSS | 7.3 AI score | 0.00064 EPSS
Exploits: 1 | References: 3
NVD
added 2024/01/18 4:15 p.m. | 22 views

CVE-2024-22699

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/updategroupsave...

8.8 CVSS | 8.8 AI score | 0.00236 EPSS
Exploits: 1 | References: 1
NVD
added 2024/01/18 3:15 p.m. | 14 views

CVE-2024-22591

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/groupsave...

8.8 CVSS | 8.8 AI score | 0.00078 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2024/01/18 12:0 a.m. | 10 views

CVE-2024-22603

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/addlink...

8.9 AI score | 0.00082 EPSS
Exploits: 1 | References: 1
Cvelist
added 2024/01/18 12:0 a.m. | 15 views

CVE-2024-22601

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerulesave...

9 AI score | 0.00082 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/01/18 12:0 a.m. | 16 views

CVE-2024-22593

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/addgroupsave...

9 AI score | 0.00076 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2024/01/17 12:0 a.m. | 1 views

CVE-2024-22715

Stupid Simple CMS =1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php...

8.9 AI score | 0.00186 EPSS
Exploits: 1 | References: 1