Total
6072 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34502 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token. | |||||
| CVE-2024-34439 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message.This issue affects DS Site Message: from n/a through 1.14.4. | |||||
| CVE-2024-34427 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8. | |||||
| CVE-2024-34379 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1. | |||||
| CVE-2024-34367 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2. | |||||
| CVE-2024-34069 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3. | |||||
| CVE-2024-34008 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 8.8 HIGH |
| Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | |||||
| CVE-2024-34001 | 2024-11-21 | N/A | 8.4 HIGH | ||
| Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. | |||||
| CVE-2024-33913 | 2024-11-21 | N/A | 9.6 CRITICAL | ||
| Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1. | |||||
| CVE-2024-33830 | 2024-11-21 | N/A | 8.1 HIGH | ||
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | |||||
| CVE-2024-33829 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | |||||
| CVE-2024-33691 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup Builder Team OptinMonster.This issue affects OptinMonster: from n/a through 2.15.3. | |||||
| CVE-2024-33690 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3. | |||||
| CVE-2024-33689 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Hayes Radio Station.This issue affects Radio Station: from n/a through 2.5.7. | |||||
| CVE-2024-33688 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. | |||||
| CVE-2024-33683 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Dashboard Notifications.This issue affects Hide Dashboard Notifications: from n/a through 1.2.3. | |||||
| CVE-2024-33682 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. | |||||
| CVE-2024-33681 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3. | |||||
| CVE-2024-33680 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. | |||||
| CVE-2024-33679 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5. | |||||