Total
8345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6341 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | 4.3 Medium |
| A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2018-14668 | 1 Clickhouse | 1 Clickhouse | 2025-06-25 | N/A |
| In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. | ||||
| CVE-2025-3687 | 1 Misstt123 | 1 Oasys | 2025-06-25 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2024-12224 | 1 Servo | 1 Idna | 2025-06-25 | 8.8 High |
| Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname. | ||||
| CVE-2025-47701 | 1 Restrict Route By Ip Project | 1 Restrict Route By Ip | 2025-06-25 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0. | ||||
| CVE-2025-3635 | 1 Moodle | 1 Moodle | 2025-06-24 | 3.5 Low |
| A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks. | ||||
| CVE-2024-9847 | 1 Flatpress | 1 Flatpress | 2025-06-24 | N/A |
| FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attacker to perform unauthorized actions. This vulnerability is fixed in version 1.4.dev. | ||||
| CVE-2025-50044 | 2025-06-24 | 6.5 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Cross Site Request Forgery. This issue affects Real Estate Manager: from n/a through 7.3. | ||||
| CVE-2024-51381 | 1 Jatos | 1 Jatos | 2025-06-24 | 8.4 High |
| Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control. | ||||
| CVE-2024-51382 | 1 Jatos | 1 Jatos | 2025-06-24 | 8.4 High |
| Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system. | ||||
| CVE-2025-49269 | 1 Anton Vanyukov | 1 Market Exporter | 2025-06-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22. | ||||
| CVE-2025-49238 | 1 Everestthemes | 1 Everest Backup | 2025-06-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3. | ||||
| CVE-2025-28948 | 1 Codedraft | 1 Mediabay - Wordpress Media Library Folders | 2025-06-24 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4. | ||||
| CVE-2025-39472 | 1 Wpweb | 1 Woocommerce Social Login | 2025-06-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a before 2.8.3. | ||||
| CVE-2025-39564 | 1 Wptrio | 1 Conditional Shipping For Woocommerce | 2025-06-24 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Shipping for WooCommerce: from n/a through 3.4.0. | ||||
| CVE-2025-39601 | 1 Wpfactory | 1 Custom Css, Js & Php | 2025-06-24 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through 2.4.1. | ||||
| CVE-2025-3037 | 1 Yzk2356911358 | 1 Studentservlet-jsp | 2025-06-24 | 4.3 Medium |
| A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-47446 | 1 Listamester | 1 Listamester | 2025-06-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester allows Cross Site Request Forgery. This issue affects Listamester: from n/a through 2.3.6. | ||||
| CVE-2025-47448 | 1 Thimpress | 1 Wp Hotel Booking | 2025-06-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking allows Cross Site Request Forgery. This issue affects WP Hotel Booking: from n/a through 2.1.9. | ||||
| CVE-2025-47468 | 1 Hashthemes | 1 Hash Form | 2025-06-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form allows Cross Site Request Forgery. This issue affects Hash Form: from n/a through 1.2.8. | ||||