Export limit exceeded: 45980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9189 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8382 | 1 Admidio | 1 Admidio | 2025-04-20 | N/A |
| admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. | ||||
| CVE-2014-9136 | 1 Huawei | 11 Fusionmanager, Usg2100, Usg2100 Firmware and 8 more | 2025-04-20 | N/A |
| Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | ||||
| CVE-2014-9137 | 1 Huawei | 11 Fusionmanager, Usg2100, Usg2100 Firmware and 8 more | 2025-04-20 | N/A |
| Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | ||||
| CVE-2014-8900 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | ||||
| CVE-2015-4089 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | ||||
| CVE-2015-5395 | 2 Alinto, Debian | 2 Sogo, Debian Linux | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | ||||
| CVE-2015-0276 | 1 Kallithea-scm | 1 Kallithea | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | ||||
| CVE-2012-4568 | 1 Letodms Project | 1 Letodms | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | N/A |
| PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | ||||
| CVE-2017-17908 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2025-04-20 | N/A |
| PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | ||||
| CVE-2017-3877 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | N/A |
| A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2). | ||||
| CVE-2017-5943 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | N/A |
| Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. | ||||
| CVE-2017-5959 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | N/A |
| CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token. | ||||
| CVE-2017-6002 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. | ||||
| CVE-2017-6038 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request. | ||||
| CVE-2017-6042 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request. | ||||
| CVE-2017-6066 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | ||||
| CVE-2017-6068 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. | ||||
| CVE-2017-6069 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | ||||
| CVE-2017-6080 | 1 Zammad | 1 Zammad | 2025-04-20 | N/A |
| An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result. | ||||