Total
8237 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4403 | 2 Lollms, Parisneo | 2 Lollms-webui, Lollms-webui | 2025-08-15 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function. | ||||
| CVE-2024-1522 | 1 Lollms | 1 Lollms Web Ui | 2025-08-15 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. | ||||
| CVE-2024-1504 | 1 Secupress | 1 Secupress | 2025-08-15 | 4.3 Medium |
| The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This makes it possible for unauthenticated attackers to block a user's IP via a forged request granted they can trick the user into performing an action such as clicking on a link. | ||||
| CVE-2025-49555 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | 8.1 High |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed. | ||||
| CVE-2024-49779 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-08-15 | 4.3 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to bypass security restrictions, caused by improper validation and management of authentication cookies. By modifying the CSRF token and Session Id cookie parameters using the cookies of another user, a remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application. | ||||
| CVE-2025-52767 | 2 Lisensee, Wordpress | 2 Netinsight Analytics Implementation Plugin, Wordpress | 2025-08-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3. | ||||
| CVE-2025-53587 | 2 Apustheme, Wordpress | 2 Findgo, Wordpress | 2025-08-15 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57. | ||||
| CVE-2025-53347 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2025-08-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3. | ||||
| CVE-2025-53249 | 2 Hakeemnala, Wordpress | 2 Build App Online, Wordpress | 2025-08-15 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.23. | ||||
| CVE-2025-52797 | 2 Josepsitjar, Wordpress | 2 Storymap, Wordpress | 2025-08-15 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1. | ||||
| CVE-2025-52765 | 2 Lisensee, Wordpress | 2 Netinsight Analytics Implementation Plugin, Wordpress | 2025-08-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3. | ||||
| CVE-2025-54732 | 2 Shahjada, Wordpress | 2 Wpdm Premium Packages, Wordpress | 2025-08-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through 6.0.2. | ||||
| CVE-2025-53219 | 2 Pl4g4, Wordpress | 2 Wp-database-optimizer-tools, Wordpress | 2025-08-15 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through 0.2. | ||||
| CVE-2025-49044 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1. | ||||
| CVE-2025-54673 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2025-08-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify allows Cross Site Request Forgery. This issue affects Chartify: from n/a through 3.5.3. | ||||
| CVE-2025-54671 | 2 Bobbingwide, Wordpress | 2 Oik, Wordpress | 2025-08-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2. | ||||
| CVE-2025-54682 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4. | ||||
| CVE-2025-54694 | 2 Bplugins, Wordpress | 2 Button Block, Wordpress | 2025-08-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0. | ||||
| CVE-2025-8491 | 2 Nikelschubert, Wordpress | 2 Easy Restaurant Menu Manager Plugin, Wordpress | 2025-08-13 | 4.3 Medium |
| The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-3150 | 1 Itning | 1 Student-homework-management-system | 2025-08-13 | 4.3 Medium |
| A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | ||||