Export limit exceeded: 10350 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10350 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3999 | 1 Dpdgroup | 1 Woocommerce Shipping | 2025-04-22 | 8.1 High |
| The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. | ||||
| CVE-2022-3853 | 1 Supra-csv-parser Project | 1 Supra-csv-parser | 2025-04-22 | 5.4 Medium |
| Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. | ||||
| CVE-2021-46027 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 6.5 Medium |
| mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added | ||||
| CVE-2022-31294 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 6.5 Medium |
| An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | ||||
| CVE-2022-41263 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2025-04-22 | 4.3 Medium |
| Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. | ||||
| CVE-2022-46074 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2025-04-22 | 8.8 High |
| Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection. | ||||
| CVE-2022-46062 | 1 Gym Management System Project | 1 Gym Management System | 2025-04-22 | 4.5 Medium |
| Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
| CVE-2024-42612 | 2 Pigg, Pligg | 2 Cms, Pligg Cms | 2025-04-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add | ||||
| CVE-2024-42619 | 2 Kliqqi, Pligg | 2 Kliqqi Cms, Pligg Cms | 2025-04-21 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com | ||||
| CVE-2022-30694 | 1 Siemens | 223 6ag1151-8ab01-7ab0, 6ag1151-8ab01-7ab0 Firmware, 6ag1151-8fb01-2ab0 and 220 more | 2025-04-21 | 6.5 Medium |
| The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | ||||
| CVE-2017-9365 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | ||||
| CVE-2017-12589 | 1 Tomaxcom | 4 R60g, R60g Firmware, R60gv2 and 1 more | 2025-04-20 | N/A |
| ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. | ||||
| CVE-2017-7675 | 1 Apache | 1 Tomcat | 2025-04-20 | N/A |
| The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. | ||||
| CVE-2017-1442 | 1 Ibm | 1 Emptoris Services Procurement | 2025-04-20 | N/A |
| IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107. | ||||
| CVE-2017-12584 | 1 Slims | 1 Senayan Library Management System | 2025-04-20 | 8.8 High |
| There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. | ||||
| CVE-2017-1194 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. | ||||
| CVE-2016-3691 | 1 Kallithea-scm | 1 Kallithea | 2025-04-20 | N/A |
| Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. | ||||
| CVE-2017-11876 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2025-04-20 | N/A |
| Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability". | ||||
| CVE-2017-11196 | 1 Pulsesecure | 1 Pulse Connect Secure | 2025-04-20 | N/A |
| Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page. | ||||
| CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2025-04-20 | N/A |
| Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | ||||