Total
8382 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42608 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php. | ||||
| CVE-2024-42579 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42577 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42580 | 2 Oswapp, Siamonhasan | 2 Warehouse Inventory System, Warehouse Inventory System | 2024-08-21 | 5.7 Medium |
| A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42581 | 2 Oswapp, Siamonhasan | 2 Warehouse Inventory System, Warehouse Inventory System | 2024-08-21 | 9.6 Critical |
| A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42582 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42583 | 2 Siamonhasan, Warehouse Inventory System | 2 Warehouse Inventory System, Warehouse Inventory System | 2024-08-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. | ||||
| CVE-2024-42603 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 5.7 Medium |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall | ||||
| CVE-2024-42605 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 7.1 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1 | ||||
| CVE-2024-42606 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 5.7 Medium |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1 | ||||
| CVE-2024-42607 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database | ||||
| CVE-2024-42609 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 7.1 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars | ||||
| CVE-2024-42610 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files | ||||
| CVE-2024-42611 | 2 Kliqqi, Pligg | 2 Kliqqi Cms, Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete | ||||
| CVE-2024-42613 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet | ||||
| CVE-2024-42617 | 2 Kliqqi, Pligg | 2 Kliqqi Cms, Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32 | ||||
| CVE-2024-42618 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma | ||||
| CVE-2024-42621 | 1 Pligg | 1 Pligg Cms | 2024-08-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php | ||||
| CVE-2024-42476 | 2024-08-20 | 6.5 Medium | ||
| In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources belonging to an attacker. When this project is compiled with certain compiler flags set, it is possible that the `state` parameter will not be checked at all, creating a CSRF vulnerability. Version 0.11 checks the `state` parameter using a regular `if` statement or `doAssert` instead of relying on a plain `assert`. `doAssert` will achieve the desired behavior even if `-d:danger` or `--assertions:off` is set. | ||||
| CVE-2024-42475 | 2024-08-19 | 6.5 Medium | ||
| In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected resources. While `state` isn't exactly a cryptographic value, it should be generated in a cryptographically secure way. `generateState` should be using a CSPRNG. Version 0.11 modifies the `generateState` function to generate `state` values of at least 128 bits of entropy while using a CSPRNG. | ||||