Total: 6075 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25015 | 2 Clockwork Web Project, Rubyonrails | 2 Clockwork Web, Rails | 2024-11-21 | N/A | 6.5 MEDIUM |
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | |||||
CVE-2023-24920 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24518 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.7 MEDIUM |
A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms. | |||||
CVE-2023-24458 | 1 Jenkins | 1 Bearychat | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. | |||||
CVE-2023-24457 | 1 Jenkins | 1 Keycloak Authentication | 2024-11-21 | N/A | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
CVE-2023-24452 | 1 Jenkins | 1 Testquality Updater | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | |||||
CVE-2023-24447 | 1 Jenkins | 1 Rabbitmq Consumer | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. | |||||
CVE-2023-24446 | 1 Jenkins | 1 Openid | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
CVE-2023-24437 | 1 Jenkins | 1 Jira Pipeline Steps | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-24434 | 1 Jenkins | 1 Github Pull Request Builder | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-24432 | 1 Jenkins | 1 Orka By Macstadium | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2023-24428 | 1 Jenkins | 1 Bitbucket Oauth | 2024-11-21 | N/A | 5.7 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. | |||||
CVE-2023-24423 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | N/A | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. | |||||
CVE-2023-24421 | 1 Wpengine | 1 Php Compatibility Checker | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions. | |||||
CVE-2023-24419 | 1 Strategy11 | 1 Formidable Form Builder | 2024-11-21 | N/A | 7.1 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. | |||||
CVE-2023-24417 | 1 Tiggerswelt | 1 Worthy | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions. | |||||
CVE-2023-24415 | 1 Quantumcloud | 1 Chatbot | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. | |||||
CVE-2023-24414 | 1 Robosoft | 1 Robogallery | 2024-11-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions. | |||||
CVE-2023-24405 | 1 Wpplugin | 1 Paypal & Stripe Add-on | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions. | |||||
CVE-2023-24395 | 1 Wpplugin | 1 Contact Form 7 Redirect & Thank You Page | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions. |