Total
5453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3932 | 2024-04-18 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-3825 | 2024-04-17 | N/A | 4.3 MEDIUM | ||
| Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration | |||||
| CVE-2024-3873 | 2024-04-17 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260907. | |||||
| CVE-2024-32549 | 2024-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS).This issue affects Related Posts for WordPress: from n/a through 4.0.3. | |||||
| CVE-2024-32550 | 2024-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1. | |||||
| CVE-2024-32538 | 2024-04-17 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS.This issue affects Easy CountDowner: from n/a through 1.0.8. | |||||
| CVE-2024-3135 | 2024-04-16 | N/A | 6.5 MEDIUM | ||
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers to exhaust system resources, consume credits, and fill disk space by making numerous resource-intensive API calls, such as generating images or uploading files. The vulnerability stems from the application's acceptance of simple request content-types without requiring CSRF tokens or implementing other CSRF mitigation measures. Successful exploitation does not require network access to the vulnerable LocalAI environment. | |||||
| CVE-2024-1727 | 2024-04-16 | N/A | 4.3 MEDIUM | ||
| A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py. | |||||
| CVE-2024-1522 | 2024-04-16 | N/A | 8.8 HIGH | ||
| A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. | |||||
| CVE-2024-3782 | 2024-04-15 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user. | |||||
| CVE-2024-31251 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. | |||||
| CVE-2024-31263 | 2024-04-15 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4. | |||||
| CVE-2024-31303 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets.This issue affects Sign-up Sheets: from n/a through 2.2.11.1. | |||||
| CVE-2024-31364 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | |||||
| CVE-2024-31265 | 2024-04-15 | N/A | 3.7 LOW | ||
| Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34. | |||||
| CVE-2024-31305 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.This issue affects Transcoder: from n/a through 1.3.5. | |||||
| CVE-2024-31360 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through 4.1. | |||||
| CVE-2024-31279 | 2024-04-15 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme.This issue affects Generate Child Theme: from n/a through 2.0. | |||||
| CVE-2024-31271 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. | |||||
| CVE-2024-31362 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | |||||