Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44160 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
|
|||||
| CVE-2023-44146 | 1 Checkfront | 1 Checkfront Online Booking System | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions.
|
|||||
| CVE-2023-43649 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A | 4.7 MEDIUM |
|
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.
|
|||||
| CVE-2023-43502 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes.
|
|||||
| CVE-2023-43500 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | N/A | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
|
|||||
| CVE-2023-43295 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 3.5 LOW |
|
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.
|
|||||
| CVE-2023-43278 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
|
|||||
| CVE-2023-43275 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.
|
|||||
| CVE-2023-43149 | 1 Spa-cart | 1 Spa-cart | 2024-11-21 | N/A | 8.8 HIGH |
|
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.
|
|||||
| CVE-2023-43148 | 1 Spa-cart | 1 Spa-cart | 2024-11-21 | N/A | 8.1 HIGH |
|
SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.
|
|||||
| CVE-2023-43147 | 1 Phpjabbers | 1 Limo Booking Software | 2024-11-21 | N/A | 8.8 HIGH |
|
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
|
|||||
| CVE-2023-43118 | 1 Extremenetworks | 1 Exos | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.
|
|||||
| CVE-2023-42435 | 1 Dexma | 1 Dexgate | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user.
|
|||||
| CVE-2023-42323 | 1 Mnbvcxz131421 | 1 Douhaocms | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file.
|
|||||
| CVE-2023-42321 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
|
|||||
| CVE-2023-42270 | 1 Grocy Project | 1 Grocy | 2024-11-21 | N/A | 8.8 HIGH |
|
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).
|
|||||
| CVE-2023-42188 | 1 Macwk | 1 Icecms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
|
|||||
| CVE-2023-42027 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.
|
|||||
| CVE-2023-41950 | 1 Laposta | 1 Laposta Signup Basic | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions.
|
|||||
| CVE-2023-41946 | 1 Jenkins | 1 Frugal Testing | 2024-11-21 | N/A | 3.5 LOW |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.
|
|||||
| CVE-2023-41942 | 1 Jenkins | 1 Aws Codecommit Trigger | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
|
|||||
| CVE-2023-41938 | 1 Jenkins | 1 Ivy | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.
|
|||||
| CVE-2023-41876 | 1 Wp Gallery Metabox Project | 1 Wp Gallery Metabox | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.
|
|||||
| CVE-2023-41864 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0.
|
|||||
| CVE-2023-41858 | 1 Tychesoftwares | 1 Order Delivery Date For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.
|
|||||
| CVE-2023-41854 | 1 Wpcentral | 1 Wpcentral | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.
|
|||||
| CVE-2023-41853 | 1 Wpicalavailability | 1 Wp Ical Availability | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.
|
|||||
| CVE-2023-41852 | 1 Mailmunch | 1 Mailmunch | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.
|
|||||
| CVE-2023-41851 | 1 Dotsquares | 1 Wp Custom Post Template | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.
|
|||||
| CVE-2023-41850 | 1 Sparro | 1 Outbound Link Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.
|
|||||
| CVE-2023-41801 | 1 Strategy11 | 1 Awp Classifieds | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.
|
|||||
| CVE-2023-41792 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773.
|
|||||
| CVE-2023-41732 | 1 Dwbooster | 1 Cp Blocks | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.
|
|||||
| CVE-2023-41730 | 1 Pressified | 1 Sendpress | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.
|
|||||
| CVE-2023-41697 | 1 Nikunjsoni | 1 Easy Wp Cleaner | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions.
|
|||||
| CVE-2023-41694 | 1 Realbig | 1 Realbig | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions.
|
|||||
| CVE-2023-41693 | 1 Plainviewplugins | 1 Mycryptocheckout | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.
|
|||||
| CVE-2023-41684 | 1 Felixwelberg | 1 Sis Handball | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions.
|
|||||
| CVE-2023-41672 | 1 Remileclercq | 1 Hide Admin Notices - Admin Notification Center Plugin | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions.
|
|||||
| CVE-2023-41670 | 1 Palasthotel | 1 Use Memcached | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions.
|
|||||