Export limit exceeded: 10350 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10350 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-3999 1 Dpdgroup 1 Woocommerce Shipping 2025-04-22 8.1 High
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.
CVE-2022-3853 1 Supra-csv-parser Project 1 Supra-csv-parser 2025-04-22 5.4 Medium
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
CVE-2021-46027 1 Wangl1989 1 Mysiteforme 2025-04-22 6.5 Medium
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added
CVE-2022-31294 1 Razormist 1 Online Discussion Forum Site 2025-04-22 6.5 Medium
An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.
CVE-2022-41263 1 Sap 1 Business Objects Business Intelligence Platform 2025-04-22 4.3 Medium
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.
CVE-2022-46074 1 Helmet Store Showroom Project 1 Helmet Store Showroom 2025-04-22 8.8 High
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.
CVE-2022-46062 1 Gym Management System Project 1 Gym Management System 2025-04-22 4.5 Medium
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2024-42612 2 Pigg, Pligg 2 Cms, Pligg Cms 2025-04-21 8.8 High
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add
CVE-2024-42619 2 Kliqqi, Pligg 2 Kliqqi Cms, Pligg Cms 2025-04-21 8.8 High
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
CVE-2022-30694 1 Siemens 223 6ag1151-8ab01-7ab0, 6ag1151-8ab01-7ab0 Firmware, 6ag1151-8fb01-2ab0 and 220 more 2025-04-21 6.5 Medium
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
CVE-2017-9365 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
CVE-2017-12589 1 Tomaxcom 4 R60g, R60g Firmware, R60gv2 and 1 more 2025-04-20 N/A
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.
CVE-2017-7675 1 Apache 1 Tomcat 2025-04-20 N/A
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
CVE-2017-1442 1 Ibm 1 Emptoris Services Procurement 2025-04-20 N/A
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.
CVE-2017-12584 1 Slims 1 Senayan Library Management System 2025-04-20 8.8 High
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation.
CVE-2017-1194 1 Ibm 1 Websphere Application Server 2025-04-20 N/A
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
CVE-2016-3691 1 Kallithea-scm 1 Kallithea 2025-04-20 N/A
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
CVE-2017-11876 1 Microsoft 2 Project Server, Sharepoint Enterprise Server 2025-04-20 N/A
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
CVE-2017-11196 1 Pulsesecure 1 Pulse Connect Secure 2025-04-20 N/A
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.
CVE-2017-7666 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.