Total
7480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23588 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 4.3 MEDIUM |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp ". | |||||
| CVE-2020-23587 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 3.1 LOW |
| A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp ". | |||||
| CVE-2020-23586 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 4.3 MEDIUM |
| A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule. | |||||
| CVE-2020-23585 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-25 | N/A | 8.8 HIGH |
| A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/admin/formMgmConfigUpload". the exploit allows attacker to "gain full privileges" and to "fully compromise of router & network". | |||||
| CVE-2022-45149 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. | |||||
| CVE-2022-23044 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2025-04-25 | N/A | 8.8 HIGH |
| Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF. | |||||
| CVE-2025-3638 | 2025-04-25 | N/A | 8.8 HIGH | ||
| A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk. | |||||
| CVE-2022-44937 | 1 Bosscms | 1 Bosscms | 2025-04-25 | N/A | 6.5 MEDIUM |
| Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | |||||
| CVE-2025-3635 | 2025-04-25 | N/A | 3.5 LOW | ||
| A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks. | |||||
| CVE-2024-49672 | 1 Gief | 1 Google Docs Rsvp | 2025-04-25 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS.This issue affects Google Docs RSVP: from n/a through 2.0.1. | |||||
| CVE-2025-46547 | 2025-04-25 | N/A | 5.4 MEDIUM | ||
| In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue. | |||||
| CVE-2022-40489 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-24 | N/A | 8.8 HIGH |
| ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. | |||||
| CVE-2025-46530 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2. | |||||
| CVE-2025-46528 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4. | |||||
| CVE-2025-46524 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category allows Stored XSS. This issue affects WP Filter Post Category: from n/a through 2.1.4. | |||||
| CVE-2025-46522 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This issue affects Tabs: from n/a through 4.0.3. | |||||
| CVE-2025-46520 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows Stored XSS. This issue affects Related Posts via Taxonomies: from n/a through 1.0.1. | |||||
| CVE-2025-46516 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored XSS. This issue affects Twitter Card Generator: from n/a through 1.0.5. | |||||
| CVE-2025-46514 | 2025-04-24 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows Stored XSS. This issue affects Milat jQuery Automatic Popup: from n/a through 1.3.1. | |||||
| CVE-2025-46513 | 2025-04-24 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324. | |||||