Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13129 | 1 Zkteco | 1 Zktime Web | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
|
|||||
| CVE-2016-8350 | 1 Moxa | 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more | 2025-04-20 | 6.8 MEDIUM | 6.3 MEDIUM |
|
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 ...
Show More |
|||||
| CVE-2016-5758 | 1 Netiq | 1 Access Manager | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.
|
|||||
| CVE-2017-5475 | 1 S9y | 1 Serendipity | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
|
|||||
| CVE-2017-8101 | 1 S9y | 1 Serendipity | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
|
|||||
| CVE-2017-1000085 | 1 Jenkins | 1 Subversion | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without dire ...
Show More |
|||||
| CVE-2017-9062 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
|
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
|
|||||
| CVE-2015-3655 | 1 Arubanetworks | 1 Clearpass | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.
|
|||||
| CVE-2016-4907 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
|
|||||
| CVE-2016-2539 | 1 Atutor | 1 Atutor | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
|
|||||
| CVE-2017-1097 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
|
|||||
| CVE-2017-15296 | 1 Sap | 1 Customer Relationship Management | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
|
|||||
| CVE-2017-11350 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices.
|
|||||
| CVE-2017-7178 | 2 Debian, Deluge-torrent | 2 Debian Linux, Deluge | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
|
|||||
| CVE-2017-16244 | 1 Octobercms | 1 October | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
|
|||||
| CVE-2017-8848 | 1 Allen Disk Project | 1 Allen Disk | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
|
|||||
| CVE-2016-8917 | 1 Ibm | 1 Sterling Selling And Fulfillment Foundation | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.
|
|||||
| CVE-2015-8623 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
|
|||||
| CVE-2017-11648 | 1 Techroutes | 2 Tr 1803-3g, Tr 1803-3g Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.
|
|||||
| CVE-2015-8255 | 1 Axis | 1 Axis Communications Firmware | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.
|
|||||
| CVE-2017-5473 | 1 Ntop | 1 Ntopng | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
|
|||||
| CVE-2017-15063 | 1 Intelliants | 1 Subrion | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.
|
|||||
| CVE-2017-8382 | 1 Admidio | 1 Admidio | 2025-04-20 | 3.5 LOW | 4.5 MEDIUM |
|
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
|
|||||
| CVE-2024-30617 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 5.4 MEDIUM |
|
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.
|
|||||
| CVE-2024-3756 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2025-04-18 | N/A | 7.5 HIGH |
|
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack
|
|||||
| CVE-2024-51156 | 1 07fly | 1 07flycms | 2025-04-18 | N/A | 4.7 MEDIUM |
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.
|
|||||
| CVE-2024-51157 | 1 07fly | 1 07flycms | 2025-04-18 | N/A | 4.7 MEDIUM |
|
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.
|
|||||
| CVE-2025-21576 | 1 Oracle | 1 Commerce Platform | 2025-04-17 | N/A | 5.4 MEDIUM |
|
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact add ...
Show More |
|||||
| CVE-2025-39416 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6.
|
|||||
| CVE-2025-39425 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager allows Cross Site Request Forgery. This issue affects Style Manager: from n/a through 2.2.7.
|
|||||
| CVE-2025-39441 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through 1.2.1.
|
|||||
| CVE-2025-39431 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2.
|
|||||
| CVE-2025-39422 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking allows Stored XSS. This issue affects WP Social Bookmarking: from n/a through 3.6.
|
|||||
| CVE-2025-39414 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3.
|
|||||
| CVE-2025-32545 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in SOFTAGON WooCommerce Products without featured images allows Reflected XSS. This issue affects WooCommerce Products without featured images: from n/a through 0.1.
|
|||||
| CVE-2025-39426 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in illow illow – Cookies Consent allows Cross Site Request Forgery. This issue affects illow – Cookies Consent: from n/a through 0.2.0.
|
|||||
| CVE-2025-39443 | 2025-04-17 | N/A | 4.3 MEDIUM | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.
|
|||||
| CVE-2025-39433 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in beke_ro Bknewsticker allows Stored XSS. This issue affects Bknewsticker: from n/a through 1.0.5.
|
|||||
| CVE-2025-39435 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr My Marginalia allows Stored XSS. This issue affects My Marginalia: from n/a through 1.0.6.
|
|||||
| CVE-2025-39421 | 2025-04-17 | N/A | 7.1 HIGH | ||
|
Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through 2.1.
|
|||||