Total: 8343 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53338 | | | 2025-06-30 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1. | ||||
| CVE-2025-53332 | | | 2025-06-30 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything allows Stored XSS. This issue affects Track Everything: from n/a through 2.0.1. | ||||
| CVE-2025-6664 | 1 Codeastro | 1 Patient Record Management System | 2025-06-28 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-27704 | 1 Appspace | 1 Appspace | 2025-06-27 | 6.5 Medium |
| Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page. | ||||
| CVE-2024-3151 | 1 Bdtask | 2 M-store, Multi Store Inventory Management System | 2025-06-27 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258924. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-26910 | 1 Iqonic | 1 Wpbookit | 2025-06-27 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1. | ||||
| CVE-2025-6476 | 1 Oretnom23 | 1 Gym Management System | 2025-06-27 | 4.3 Medium |
| A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6478 | 1 Codeastro | 1 Expense Management System | 2025-06-27 | 4.3 Medium |
| A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. | ||||
| CVE-2023-25058 | 1 Brainstormforce | 1 Schema | 2025-06-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | ||||
| CVE-2024-3135 | 1 Mudler | 1 Localai | 2025-06-27 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers to exhaust system resources, consume credits, and fill disk space by making numerous resource-intensive API calls, such as generating images or uploading files. The vulnerability stems from the application's acceptance of simple request content-types without requiring CSRF tokens or implementing other CSRF mitigation measures. Successful exploitation does not require network access to the vulnerable LocalAI environment. | ||||
| CVE-2023-36682 | 1 Brainstormforce | 1 Schema | 2025-06-27 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery. This issue affects Schema Pro: from n/a through 2.7.7. | ||||
| CVE-2024-27439 | 1 Apache | 1 Wicket | 2025-06-27 | 6.5 Medium |
| An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue. | ||||
| CVE-2025-32642 | 2 Appsbd, Wordpress | 2 Vite Coupon Plugin, Wordpress | 2025-06-27 | 10 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7. | ||||
| CVE-2025-25106 | 2 Fancywp, Wordpress | 2 Starter Templates, Wordpress | 2025-06-27 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0. | ||||
| CVE-2025-25107 | 2 Sainwp, Wordpress | 2 Onestore Sites, Wordpress | 2025-06-27 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1. | ||||
| CVE-2025-46513 | 2 Codebangers, Wordpress | 2 All In One Time Clock Lite, Wordpress | 2025-06-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324. | ||||
| CVE-2025-48111 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Paypal Express Checkout For Woocommerce | 2025-06-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0. | ||||
| CVE-2025-6284 | 1 Phpgurukul | 1 Car Rental Portal | 2025-06-26 | 4.3 Medium |
| A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6341 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | 4.3 Medium |
| A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2018-14668 | 1 Clickhouse | 1 Clickhouse | 2025-06-25 | N/A |
| In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. | ||||