Export limit exceeded: 366632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10347 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10347 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4876 1 Basercms 1 Basercms 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
CVE-2016-4854 1 Nttdocomo 2 L-04d, L-04d Firmware 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.
CVE-2016-4808 1 Web2py 1 Web2py 2025-04-20 N/A
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
CVE-2016-4319 1 Atlassian 1 Jira 2025-04-20 N/A
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
CVE-2016-4315 1 Wso2 1 Carbon 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.
CVE-2016-4311 1 Wso2 1 Identity Server 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
CVE-2016-3691 1 Kallithea-scm 1 Kallithea 2025-04-20 N/A
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
CVE-2016-4907 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
CVE-2016-3029 1 Ibm 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more 2025-04-20 N/A
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2016-3017 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2025-04-20 N/A
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.
CVE-2015-2878 1 Watchguard 1 Hawkeye G 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.
CVE-2016-2965 1 Ibm 1 Sametime 2025-04-20 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.
CVE-2016-2539 1 Atutor 1 Atutor 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
CVE-2016-1265 1 Juniper 1 Junos Space 2025-04-20 N/A
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
CVE-2016-1261 1 Juniper 1 Junos 2025-04-20 N/A
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).
CVE-2016-1161 1 Zohocorp 1 Password Manager Pro 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).
CVE-2016-1000218 1 Elastic 1 Kibana Reporting 2025-04-20 N/A
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.
CVE-2015-9233 1 Codepeople 1 Cp Contact Form With Paypal 2025-04-20 8.8 High
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
CVE-2024-30617 1 Chamilo 1 Chamilo Lms 2025-04-18 5.4 Medium
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.
CVE-2024-3756 1 Mf Gig Calendar Project 1 Mf Gig Calendar 2025-04-18 7.5 High
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack