Total
8331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5988 | 1 Redhat | 2 Ansible Automation Platform, Ansible Automation Platform Developer | 2025-11-07 | 5.3 Medium |
| A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda. | ||||
| CVE-2020-10181 | 1 Sumavision | 2 Enhanced Multimedia Router, Enhanced Multimedia Router Firmware | 2025-11-07 | 9.8 Critical |
| goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request. | ||||
| CVE-2025-58469 | 2025-11-07 | N/A | ||
| A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: QuLog Center 1.8.2.927 ( 2025/09/17 ) and later | ||||
| CVE-2025-12479 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 8.8 High |
| Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | ||||
| CVE-2025-48078 | 1 Wordpress | 1 Wordpress | 2025-11-07 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3. | ||||
| CVE-2025-12221 | 3 Azure-access, Azure Access Technology, Busybox | 7 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 4 more | 2025-11-07 | 8.8 High |
| Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||||
| CVE-2025-7078 | 1 07fly | 3 07fly-cms, 07flycms, Customer Relationship Management | 2025-11-06 | 4.3 Medium |
| A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-48085 | 2 Wordpress, Zipang | 2 Wordpress, Simple Stripe | 2025-11-06 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through <= 0.9.17. | ||||
| CVE-2025-53316 | 2 Shahjahan Jewel, Wordpress | 2 Wp Gdpr Cookie Consent, Wordpress | 2025-11-06 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0. | ||||
| CVE-2025-62950 | 2 Contest Gallery, Wordpress | 2 Contest Gallery, Wordpress | 2025-11-06 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.0.0. | ||||
| CVE-2025-48077 | 1 Wordpress | 1 Wordpress | 2025-11-06 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0. | ||||
| CVE-2025-48083 | 1 Wordpress | 1 Wordpress | 2025-11-06 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5. | ||||
| CVE-2025-10691 | 2 Wordpress, Yudiz | 2 Wordpress, Easy Email Subscription | 2025-11-06 | 4.3 Medium |
| The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the show_editsub_page() function. This makes it possible for unauthenticated attackers to delete arbitrary subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-53688 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-05 | 5.4 Medium |
| Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions. | ||||
| CVE-2025-64149 | 1 Jenkins | 2 Jenkins, Publish To Bitbucket | 2025-11-04 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2025-64141 | 1 Jenkins | 2 Jenkins, Nexus Task Runner | 2025-11-04 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2025-64138 | 1 Jenkins | 2 Jenkins, Start Windocks Container | 2025-11-04 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2025-64136 | 1 Jenkins | 2 Jenkins, Themis | 2025-11-04 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Themis Plugin 1.4.1 and earlier allows attackers to connect to an attacker-specified HTTP server. | ||||
| CVE-2025-64133 | 1 Jenkins | 1 Jenkins | 2025-11-04 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code. | ||||
| CVE-2025-47410 | 1 Apache | 1 Geode | 2025-11-04 | 8.8 High |
| Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This issue affects Apache Geode: versions 1.10 through 1.15.1 Users are recommended to upgrade to version 1.15.2, which fixes the issue. | ||||