Export limit exceeded: 10207 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10207 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6918 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed. | ||||
| CVE-2017-6086 | 1 Vimbadmin | 1 Vimbadmin | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php. | ||||
| CVE-2016-1161 | 1 Zohocorp | 1 Password Manager Pro | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | ||||
| CVE-2017-6127 | 1 Digisol | 2 Dg-hr1400, Dg-hr1400 Firmware | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. | ||||
| CVE-2017-2102 | 1 Ipa | 1 Appgoat | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2017-9930 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | ||||
| CVE-2016-10229 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 9.8 Critical |
| udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. | ||||
| CVE-2016-3695 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | N/A |
| The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | ||||
| CVE-2017-8928 | 1 Mailcow | 1 Mailcow\ | 2025-04-20 | 8.8 High |
| mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | ||||
| CVE-2017-8875 | 1 Codection | 1 Clean Login | 2025-04-20 | N/A |
| CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. | ||||
| CVE-2016-10701 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2025-04-20 | N/A |
| In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | ||||
| CVE-2017-6180 | 1 Keekoonvision | 2 Kk002 Ip Camera, Kk002 Ip Camera Firmware | 2025-04-20 | N/A |
| Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages). | ||||
| CVE-2017-8874 | 1 Acquia | 1 Mautic | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. | ||||
| CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | ||||
| CVE-2017-8082 | 1 Concretecms | 1 Concrete Cms | 2025-04-20 | N/A |
| concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators. | ||||
| CVE-2016-0356 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. | ||||
| CVE-2016-0355 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | ||||
| CVE-2017-8836 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | N/A |
| CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface. | ||||
| CVE-2017-17891 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | N/A |
| Readymade Video Sharing Script has CSRF via user-profile-edit.php. | ||||
| CVE-2016-4885 | 1 Basercms | 1 Basercms | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||