Export limit exceeded: 10031 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10031 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15238 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | N/A |
| The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. | ||||
| CVE-2019-15229 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A |
| FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | ||||
| CVE-2019-15164 | 1 Tcpdump | 1 Libpcap | 2024-11-21 | 5.3 Medium |
| rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. | ||||
| CVE-2019-15150 | 1 Schine.games | 1 Mw-oauth2client | 2024-11-21 | 8.8 High |
| In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. | ||||
| CVE-2019-15128 | 1 If.svnadmin Project | 1 If.svnadmin | 2024-11-21 | N/A |
| iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. | ||||
| CVE-2019-15126 | 2 Apple, Broadcom | 15 Ipados, Iphone Os, Mac Os X and 12 more | 2024-11-21 | 3.1 Low |
| An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | ||||
| CVE-2019-15115 | 1 Profilepress | 1 Loginwp | 2024-11-21 | N/A |
| The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | ||||
| CVE-2019-15114 | 1 Ncrafts | 1 Formcraft | 2024-11-21 | N/A |
| The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. | ||||
| CVE-2019-15113 | 1 Codeermeneer | 1 Companion Sitemap Generator | 2024-11-21 | N/A |
| The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. | ||||
| CVE-2019-15089 | 1 Prise | 1 Adas | 2024-11-21 | 8.8 High |
| An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. | ||||
| CVE-2019-15062 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
| An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.) | ||||
| CVE-2019-15040 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 8.8 High |
| JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | ||||
| CVE-2019-14999 | 1 Atlassian | 1 Universal Plugin Manager | 2024-11-21 | N/A |
| The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator. | ||||
| CVE-2019-14998 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 6.5 Medium |
| The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. | ||||
| CVE-2019-14933 | 1 Webkul | 1 Bagisto | 2024-11-21 | N/A |
| Bagisto 0.1.5 allows CSRF under /admin URIs. | ||||
| CVE-2019-14836 | 1 Redhat | 2 3scale, 3scale Amp | 2024-11-21 | 8.8 High |
| A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks. | ||||
| CVE-2019-14823 | 3 Jss Cryptomanager Project, Linux, Redhat | 10 Jss Cryptomanager, Linux Kernel, Enterprise Linux and 7 more | 2024-11-21 | 7.4 High |
| A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. | ||||
| CVE-2019-14703 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-11-21 | N/A |
| A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | ||||
| CVE-2019-14683 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | 5.7 Medium |
| The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | ||||
| CVE-2019-14682 | 1 Acf\ | 1 Better Search Project | 2024-11-21 | N/A |
| The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. | ||||