Export limit exceeded: 22043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10028 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10028 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4783 | 1 Ibm | 1 Initiate Master Data Service | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-4785 | 1 Ibm | 1 Initiate Master Data Service | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-4816 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-4829 | 1 Ibm | 3 Qradar Risk Manager, Qradar Security Information And Event Manager, Qradar Vulnerability Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-4839 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-4865 | 1 Cacheguard | 1 Cacheguardos | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2014-4964 | 1 Shopizer | 1 Shopizer | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or hijack the authentication of administrators for requests that change (2) customer passwords, (3) shop configuration, or (4) product details, as demonstrated by (5) modify a product's price via a crafted request to central/catalog/saveproduct.action or (6) creating a product review via a crafted request to shop/product/createReview.action. | ||||
| CVE-2014-8246 | 1 Broadcom | 1 Release Automation | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-8331 | 1 Huawei | 2 E3236 Firmware, E3276 Firmware | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions. | ||||
| CVE-2014-8429 | 1 Xavoc | 1 Xepan Cms | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page. | ||||
| CVE-2014-8473 | 1 Ca | 1 Cloud Service Management | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-8521 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8523 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-9276 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview. | ||||
| CVE-2014-9300 | 1 Alfresco | 1 Alfresco | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter. | ||||
| CVE-2014-9331 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. | ||||
| CVE-2014-9334 | 1 Bird Feeder Project | 1 Bird Feeder | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or (2) password parameter in the bird-feeder page to wp-admin/options-general.php. | ||||
| CVE-2014-9335 | 1 Dandyid Services Project | 1 Dandyid Services | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) email_address or (2) sidebarTitle parameter in the dandyid-services.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9336 | 1 Itwitter Project | 1 Itwitter | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9337 | 1 Mikiurl Wordpress Eklentisi Project | 1 Mikiurl Wordpress Eklentisi | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) twitter_kullanici or (2) twitter_sifre parameter in a kaydet action in the mikiurl.php page to wp-admin/options-general.php. | ||||