Total: 7971 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2025-8335 | 1 Code-projects | 1 Simple Car Rental System | 2025-08-05 | 4.3 Medium | A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
CVE-2025-1473 | 1 Lfprojects | 1 Mlflow | 2025-08-05 | 7.1 High | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user. |
CVE-2024-1879 | 1 Agpt | 1 Autogpt Classic | 2025-08-05 | 8.8 High | A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1. |
CVE-2025-49462 | 1 Zoom | 1 Zoom | 2025-08-05 | 3.5 Low | Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access. |
CVE-2025-54782 | 1 Nestjs | 1 Devtools-integration | 2025-08-05 | N/A | Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1. |
CVE-2025-8505 | 1 495300897 | 1 Wx-shop | 2025-08-04 | 4.3 Medium | A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. |
CVE-2024-56924 | 1 Codeastro | 1 Internet Banking System | 2025-08-04 | 7.3 High | A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts. |
CVE-2023-5455 | 3 Fedoraproject, Freeipa, Redhat | 25 Fedora, Freeipa, Codeready Linux Builder and 22 more | 2025-08-03 | 6.5 Medium | A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing an already logged-in user. An attacker would always have to go through a new authentication attempt. |
CVE-2025-7078 | 1 07fly | 3 07fly-cms, 07flycms, Customer Relationship Management | 2025-08-01 | 4.3 Medium | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. |
CVE-2024-41344 | 1 Codeigniter | 1 Codeigniter | 2025-08-01 | 7.5 High | A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. |
CVE-2024-1592 | 1 Really-simple-plugins | 1 Complianz | 2025-08-01 | 4.3 Medium | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
CVE-2025-1506 | 1 Wpmet | 1 Wp Social Login And Register Social Counter | 2025-08-01 | 4.3 Medium | The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce validation on the counter_access_key_setup() function. This makes it possible for unauthenticated attackers to update social login provider settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. |
CVE-2025-54528 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 5.4 Medium | In JetBrains TeamCity before 2025.07, a CSRF was possible in the GitHub App connection flow. |
CVE-2025-54529 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 3.7 Low | In JetBrains TeamCity before 2025.07, a CSRF was possible in the external OAuth login integration. |
CVE-2025-54536 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 5.4 Medium | In JetBrains TeamCity before 2025.07, a CSRF was possible on the GraphQL endpoint. |
CVE-2022-20853 | 1 Cisco | 2 Telepresence Video Communication Server, Telepresence Video Communication Server Software | 2025-07-31 | 7.4 High | A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. |
CVE-2015-4274 | 1 Cisco | 1 Unified Intelligence Center | 2025-07-31 | N/A | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. |
CVE-2015-0740 | 1 Cisco | 1 Unified Intelligence Center | 2025-07-31 | N/A | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. |
CVE-2017-12253 | 1 Cisco | 1 Unified Intelligence Center | 2025-07-31 | N/A | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872. |
CVE-2019-1658 | 1 Cisco | 1 Unified Intelligence Center | 2025-07-31 | N/A | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. |