Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2023-47020 Cross-Site Request Forgery (CSRF) vulnerability in Ncratleos Terminal Handler 1.5.1
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group.
network
low complexity
ncratleos CWE-352
8.8
2024-02-08 CVE-2024-0511 Cross-Site Request Forgery (CSRF) vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87.
network
low complexity
royal-elementor-addons CWE-352
4.3
2024-02-07 CVE-2024-20252 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7/15.0
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2024-02-07 CVE-2024-20254 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7/15.0
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2024-02-07 CVE-2024-20255 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7/15.0
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system.
network
low complexity
cisco CWE-352
7.1
2024-02-06 CVE-2023-38579 Cross-Site Request Forgery (CSRF) vulnerability in Westermo L206-F2G Firmware 4.24
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly.
network
low complexity
westermo CWE-352
8.8
2024-02-06 CVE-2024-24593 Cross-Site Request Forgery (CSRF) vulnerability in Clear Clearml 0.17.0/1.14.1/1.4.0
A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html.
network
low complexity
clear CWE-352
8.8
2024-02-05 CVE-2024-0373 Cross-Site Request Forgery (CSRF) vulnerability in Formviewswp Views for Wpforms
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2.
network
low complexity
formviewswp CWE-352
4.3
2024-02-05 CVE-2024-0374 Cross-Site Request Forgery (CSRF) vulnerability in Formviewswp Views for Wpforms
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2.
network
low complexity
formviewswp CWE-352
4.3
2024-02-05 CVE-2024-0428 Cross-Site Request Forgery (CSRF) vulnerability in Kobzarev Index NOW
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3.
network
low complexity
kobzarev CWE-352
8.8