Lucene search
K

145 matches found

Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.2 views

PT-2025-26332 · Indgeek · Indgeek Cliplink

Name of the Vulnerable Software and Affected Versions: indgeek ClipLink versions 1.1 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized requests. Recommendations: For indgeek ClipLink versions 1.1 and earlier, as a temporary workaround,...

4.3CVSS6.3AI score0.00128EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:13 a.m.10 views

CVE-2024-40603

An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request...

4.3CVSS6.8AI score0.002EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:7 a.m.6 views

CVE-2023-38348

A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1...

8.8CVSS7AI score0.00297EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:53 a.m.7 views

CVE-2023-2495

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...

4.3CVSS6.8AI score0.00267EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 p.m.6 views

CVE-2020-36389

In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF...

4.3CVSS6.8AI score0.00661EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 12:59 p.m.11 views

CVE-2018-20968

The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF...

8.8CVSS7.1AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.8 views

CVE-2019-17642

An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin...

8.8CVSS7.3AI score0.01645EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:33 a.m.8 views

CVE-2019-17431

An issue was discovered in fastadmin 1.0.0.20190705beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability...

8.8CVSS7AI score0.00638EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:26 a.m.10 views

CVE-2019-15238

The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field...

8.8CVSS7.1AI score0.00745EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:15 a.m.9 views

CVE-2019-10644

An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vulnerability that can add an administrator account...

8.8CVSS6.9AI score0.0065EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:48 a.m.5 views

CVE-2018-9856

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

8.8CVSS6.6AI score0.0065EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 a.m.5 views

CVE-2018-14959

An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages=new URI...

8.8CVSS7AI score0.00523EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:35 a.m.8 views

CVE-2017-18512

The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF...

8.8CVSS7.1AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:7 a.m.6 views

CVE-2015-9426

The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=miceditorwindow postId parameter...

4.6CVSS6.1AI score0.01044EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.5 views

PT-2025-21988 · Falang · Falang

Name of the Vulnerable Software and Affected Versions: Falang multilanguage versions 1.3.61 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.3.61 and earlier,...

4.3CVSS4.4AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.6 views

PT-2025-22049 · Checkbot · Checkbot

Name of the Vulnerable Software and Affected Versions: CheckBot versions 1.05 and earlier Description: A Cross-Site Request Forgery CSRF issue in Ref CheckBot allows for Stored XSS. This means an attacker can execute malicious scripts on the victim's browser, potentially leading to unauthorized...

7.1CVSS7.5AI score0.00116EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/16 3:45 p.m.17 views

CVE-2025-31915 WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through = 1.0.3...

5.4CVSS0.00132EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.5 views

PT-2025-21154 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a CSRF problem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was...

6.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/07 2:20 p.m.7 views

CVE-2025-47655 WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7...

7.1CVSS6.8AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 2:20 p.m.15 views

CVE-2025-47596 WordPress Beacon Lead Magnets and Lead Capture plugin <= 1.5.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture beacon-by allows Cross Site Request Forgery.This issue affects Beacon Lead Magnets and Lead Capture: from n/a through = 1.5.8...

4.3CVSS0.0014EPSS
Exploits0References1
Rows per page
Query Builder