Export limit exceeded: 10022 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10022 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7661 | 2 Oretnom23, Sourcecodester | 2 Car Driving School Management System, Car Driving School Management System | 2024-08-15 | 4.3 Medium |
| A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42628 | 1 Frogcms Project | 1 Frogcms | 2024-08-15 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3. | ||||
| CVE-2024-42624 | 1 Frogcms Project | 1 Frogcms | 2024-08-15 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10. | ||||
| CVE-2024-4187 | 1 Opentext | 1 Filr | 2024-08-15 | 5.4 Medium |
| Stored XSS vulnerability has been discovered in OpenTextâ„¢ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites. | ||||
| CVE-2024-40476 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management, Best House Rental Management System | 2024-08-15 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant. | ||||
| CVE-2024-41907 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | 4.2 Medium |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack. | ||||
| CVE-2024-42623 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1 | ||||
| CVE-2024-42631 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. | ||||
| CVE-2024-42627 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. | ||||
| CVE-2024-42625 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 5.4 Medium |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add | ||||
| CVE-2024-42629 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 5.4 Medium |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10. | ||||
| CVE-2024-42632 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. | ||||
| CVE-2024-42630 | 2 Frog Cms Project, Frogcms Project | 2 Frog Cms, Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. | ||||
| CVE-2024-42626 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
| FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. | ||||
| CVE-2024-42347 | 1 Matrix | 1 Matrix-react-sdk | 2024-08-12 | 7.7 High |
| matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-32863 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 6.8 Medium |
| Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2024-7360 | 2 Oretnom23, Sourcecodester | 2 Tracking Monitoring Management System, Tracking Monitoring Management System | 2024-08-09 | 4.3 Medium |
| A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273339. | ||||
| CVE-2024-7367 | 2 Oretnom23, Sourcecodester | 2 Simple Realtime Quiz System, Simple Realtime Quiz System | 2024-08-09 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273351. | ||||
| CVE-2024-6995 | 1 Google | 2 Android, Chrome | 2024-08-07 | 8.8 High |
| Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-7003 | 1 Google | 1 Chrome | 2024-08-07 | 4.3 Medium |
| Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||