Search Results (10233 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-3999 | 1 Dpdgroup | 1 Woocommerce Shipping | 2025-04-22 | 8.1 High | The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber, to delete arbitrary options from the blog, which could make the blog unavailable. |
| CVE-2022-3853 | 1 Supra-csv-parser Project | 1 Supra-csv-parser | 2025-04-22 | 5.4 Medium | Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. |
| CVE-2022-31294 | 1 Razormist | 1 Online Discussion Forum Site | 2025-04-22 | 6.5 Medium | An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. |
| CVE-2021-46027 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 6.5 Medium | mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added. |
| CVE-2022-41263 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2025-04-22 | 4.3 Medium | Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. |
| CVE-2022-46074 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2025-04-22 | 8.8 High | Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection. |
| CVE-2022-46062 | 1 Gym Management System Project | 1 Gym Management System | 2025-04-22 | 4.5 Medium | Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2024-42612 | 2 Pigg, Pligg | 2 Cms, Pligg Cms | 2025-04-21 | 8.8 High | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add |
| CVE-2024-42619 | 2 Kliqqi, Pligg | 2 Kliqqi Cms, Pligg Cms | 2025-04-21 | 8.8 High | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com |
| CVE-2022-30694 | 1 Siemens | 223 6ag1151-8ab01-7ab0, 6ag1151-8ab01-7ab0 Firmware, 6ag1151-8fb01-2ab0 and 220 more | 2025-04-21 | 6.5 Medium | The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. |
| CVE-2017-9673 | 1 Simplece | 1 Simplece | 2025-04-20 | N/A | In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. |
| CVE-2017-6002 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A | Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. |
| CVE-2017-7881 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14. |
| CVE-2017-7571 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2025-04-20 | 8.0 High | public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. |
| CVE-2017-6080 | 1 Zammad | 1 Zammad | 2025-04-20 | N/A | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result. |
| CVE-2015-5182 | 1 Redhat | 1 Amq | 2025-04-20 | 8.8 High | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. |
| CVE-2015-8255 | 1 Axis | 1 Axis Communications Firmware | 2025-04-20 | N/A | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. |
| CVE-2017-2688 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. |
| CVE-2017-5187 | 1 Microfocus | 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more | 2025-04-20 | N/A | A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. |
| CVE-2017-8382 | 1 Admidio | 1 Admidio | 2025-04-20 | N/A | admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. |