Total
6075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28673 | 2024-11-21 | N/A | 8.8 HIGH | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php. | |||||
| CVE-2024-28672 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php. | |||||
| CVE-2024-28670 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php. | |||||
| CVE-2024-28669 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php. | |||||
| CVE-2024-28667 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php | |||||
| CVE-2024-28666 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php | |||||
| CVE-2024-28665 | 2024-11-21 | N/A | 8.8 HIGH | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php | |||||
| CVE-2024-28432 | 2024-11-21 | N/A | 8.8 HIGH | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php. | |||||
| CVE-2024-28431 | 2024-11-21 | N/A | 8.8 HIGH | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php. | |||||
| CVE-2024-28429 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php | |||||
| CVE-2024-28233 | 2024-11-21 | N/A | 8.1 HIGH | ||
| JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0. | |||||
| CVE-2024-28195 | 2024-11-21 | N/A | 8.1 HIGH | ||
| your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-27974 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]. | |||||
| CVE-2024-27968 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5. | |||||
| CVE-2024-27967 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3. | |||||
| CVE-2024-27955 | 2024-11-21 | N/A | 8.3 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0. | |||||
| CVE-2024-27948 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24. | |||||
| CVE-2024-27783 | 1 Fortinet | 1 Fortiaiops | 2024-11-21 | N/A | 7.6 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests. | |||||
| CVE-2024-27717 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. | |||||
| CVE-2024-27694 | 2024-11-21 | N/A | 7.4 HIGH | ||
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. | |||||