Export limit exceeded: 359063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10214 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25234 | 2026-04-15 | 5.3 Medium | ||
| SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts into various application parameters. | ||||
| CVE-2025-53880 | 1 Suse | 3 Manager, Manager Proxy, Manager Server | 2026-04-15 | N/A |
| A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. | ||||
| CVE-2024-23592 | 2026-04-15 | 6.3 Medium | ||
| An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication. | ||||
| CVE-2024-23736 | 3 Bitbucket, Confluence, Jira | 3 Snotify, Snotify, Snotify | 2026-04-15 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | ||||
| CVE-2023-51416 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple.This issue affects EnvíaloSimple: from n/a through 2.2. | ||||
| CVE-2025-41661 | 2026-04-15 | 8.8 High | ||
| An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection. | ||||
| CVE-2024-2970 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwap_newslist_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and modify news lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-31264 | 2 Dfactory, Wordpress | 2 Post Views Counter, Wordpress | 2026-04-15 | 4.3 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions. | ||||
| CVE-2024-34755 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9. | ||||
| CVE-2025-3037 | 1 Yzk2356911358 | 1 Studentservlet-jsp | 2026-04-15 | 4.3 Medium |
| A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-35638 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43. | ||||
| CVE-2024-35657 | 2026-04-15 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6. | ||||
| CVE-2023-44478 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials.This issue affects Events Rich Snippets for Google: from n/a through 1.8. | ||||
| CVE-2025-30014 | 2026-04-15 | 7.7 High | ||
| SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. | ||||
| CVE-2024-37939 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite.This issue affects Patricia Lite: from n/a through 1.2.3. | ||||
| CVE-2024-37940 | 2026-04-15 | 7.4 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium).This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13. | ||||
| CVE-2025-14904 | 2 Anilankola, Wordpress | 2 Newsletter Email Subscribe, Wordpress | 2026-04-15 | 4.3 Medium |
| The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nels_settings_page function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-37941 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3. | ||||
| CVE-2024-3798 | 2026-04-15 | N/A | ||
| Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery. This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. Phoniebox in version 3.0 and higher are not affected. | ||||
| CVE-2024-4100 | 2 Elfsight, Wordpress | 2 Pricing Table, Wordpress | 2026-04-15 | 5.3 Medium |
| The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||