Total
6075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32978 | 1 Jenkins | 1 Lightweight Directory Access Protocol | 2024-11-21 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | |||||
| CVE-2023-32964 | 1 Madewithfuel | 1 Better Notifications For Wp | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions. | |||||
| CVE-2023-32960 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). | |||||
| CVE-2023-32792 | 1 Nxlog | 1 Nxlog Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests. | |||||
| CVE-2023-32791 | 1 Nxlog | 1 Nxlog Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests. | |||||
| CVE-2023-32761 | 1 Archerirm | 1 Archer | 2024-11-21 | N/A | 8.1 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request. | |||||
| CVE-2023-32625 | 1 Sakura | 1 Ts Webfonts | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page. | |||||
| CVE-2023-32589 | 1 Pingonline | 1 Dyslexiefont Free | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. | |||||
| CVE-2023-32502 | 1 Cyberwire | 1 Pro Mime Types | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions. | |||||
| CVE-2023-32344 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898. | |||||
| CVE-2023-32124 | 1 Arulprasadj | 1 Publish Confirm Message | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions. | |||||
| CVE-2023-32123 | 1 Dream-theme | 1 The7 | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3. | |||||
| CVE-2023-32104 | 1 Target-info | 1 Mycurator Content Curation | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions. | |||||
| CVE-2023-32091 | 1 Poeditor | 1 Poeditor | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | |||||
| CVE-2023-31999 | 1 Fastify | 1 Oauth2 | 2024-11-21 | N/A | 8.8 HIGH |
| All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it. v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object. | |||||
| CVE-2023-31708 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | |||||
| CVE-2023-31452 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | N/A | 8.8 HIGH |
| A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||||
| CVE-2023-31230 | 1 Baidu-tongji-generator Project | 1 Baidu-tongji-generator | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2. | |||||
| CVE-2023-31218 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. | |||||
| CVE-2023-31216 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. | |||||