Export limit exceeded: 351621 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10037 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10037 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31913 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. | ||||
| CVE-2021-31762 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | ||||
| CVE-2021-31760 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | ||||
| CVE-2021-31679 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.5 Medium |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers. | ||||
| CVE-2021-31678 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.5 Medium |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company. | ||||
| CVE-2021-31677 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.5 Medium |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords. | ||||
| CVE-2021-31659 | 1 Tp-link | 4 Tl-sg2005, Tl-sg2005 Firmware, Tl-sg2008 and 1 more | 2024-11-21 | 8.8 High |
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. | ||||
| CVE-2021-31631 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | 8.8 High |
| b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. | ||||
| CVE-2021-31604 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2024-11-21 | 6.5 Medium |
| furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. | ||||
| CVE-2021-31584 | 1 Sipwise | 1 Next Generation Communication Platform | 2024-11-21 | 8.8 High |
| Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. | ||||
| CVE-2021-31375 | 1 Juniper | 1 Junos | 2024-11-21 | 7.2 High |
| An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2. | ||||
| CVE-2021-31152 | 1 Multilaser | 2 Ac1200 Re018, Ac1200 Re018 Firmware | 2024-11-21 | 8.8 High |
| Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. | ||||
| CVE-2021-30224 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. | ||||
| CVE-2021-30147 | 1 Dmasoftlab | 1 Radius Manager | 2024-11-21 | 8.8 High |
| DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. | ||||
| CVE-2021-30114 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 6.5 Medium |
| Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege. | ||||
| CVE-2021-30112 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 6.5 Medium |
| Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege. | ||||
| CVE-2021-29995 | 1 Cloverdx | 1 Cloverdx | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1. | ||||
| CVE-2021-29888 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 8.8 High |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123. | ||||
| CVE-2021-29837 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | ||||
| CVE-2021-29823 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 6.5 Medium |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. | ||||