Total
7595 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4088 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-05-09 | 6.5 Medium |
| A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2022-23771 | 1 Iptime | 6 Nas1dual, Nas1dual Firmware, Nas2dual and 3 more | 2025-05-09 | 8 High |
| This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges. | ||||
| CVE-2025-4375 | 2025-05-09 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password. This issue affects Pro Cloud Server: earlier than 6.0.165. | ||||
| CVE-2024-2858 | 1 Robbychen | 1 Simple Buttons Creator | 2025-05-08 | 4.8 Medium |
| The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-2857 | 1 Robbychen | 1 Simple Buttons Creator | 2025-05-08 | 6.1 Medium |
| The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins. | ||||
| CVE-2022-43408 | 2 Jenkins, Redhat | 3 Pipeline\, Ocp Tools, Openshift | 2025-05-08 | 6.5 Medium |
| Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. | ||||
| CVE-2022-43407 | 2 Jenkins, Redhat | 3 Pipeline\, Ocp Tools, Openshift | 2025-05-08 | 8.8 High |
| Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection of any target URL in Jenkins when the 'input' step is interacted with. | ||||
| CVE-2024-2739 | 1 Mndpsingh287 | 1 Advanced Search | 2025-05-08 | 8.7 High |
| The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-6136 | 1 Tipsandtricks-hq | 1 Wp Estore | 2025-05-08 | 5.4 Medium |
| The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2022-43418 | 1 Jenkins | 1 Katalon | 2025-05-08 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2024-20255 | 1 Cisco | 1 Expressway | 2025-05-08 | 8.2 High |
| A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. | ||||
| CVE-2024-3472 | 1 Wow-company | 1 Modal Window | 2025-05-08 | 5.9 Medium |
| The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack | ||||
| CVE-2024-3471 | 1 Wow-company | 1 Button Generator | 2025-05-08 | 3.4 Low |
| The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack | ||||
| CVE-2024-2405 | 1 Wow-company | 1 Float Menu | 2025-05-08 | 4.5 Medium |
| The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack. | ||||
| CVE-2024-12436 | 1 Marvinlabs | 1 Wp Customer Area | 2025-05-08 | 4.3 Medium |
| The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-12280 | 1 Marvinlabs | 1 Wp Customer Area | 2025-05-08 | 4.3 Medium |
| The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack | ||||
| CVE-2024-3481 | 1 Wow-company | 1 Counter Box | 2025-05-08 | 5.2 Medium |
| The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks | ||||
| CVE-2024-3478 | 1 Wow-company | 1 Herd Effects | 2025-05-08 | 6.1 Medium |
| The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks | ||||
| CVE-2024-3477 | 1 Wow-company | 1 Popup Box | 2025-05-08 | 4.3 Medium |
| The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks | ||||
| CVE-2024-3476 | 1 Wow-company | 1 Side Menu Lite | 2025-05-08 | 8.8 High |
| The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | ||||