Search Results (9942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 6.5 Medium |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | ||||
| CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 8.8 High |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | ||||
| CVE-2024-13146 | 1 Fs-code | 1 Booknetic | 2025-04-30 | 8.8 High |
| The Booknetic WordPress plugin before 4.1.5 does not have a CSRF check when creating Staff accounts, which could allow attackers to make a logged-in admin add arbitrary Staff members via a CSRF attack. | ||||
| CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2025-04-30 | 3.5 Low |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | ||||
| CVE-2024-42768 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management | 2025-04-30 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | ||||
| CVE-2024-45527 | 2 Redcap, Vanderbilt | 2 Redcap, Redcap | 2025-04-30 | 6.1 Medium |
| REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website. | ||||
| CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2025-04-30 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | ||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 8.8 High |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | ||||
| CVE-2022-3750 | 1 Inkthemes | 1 Ask Me | 2025-04-30 | 4.7 Medium |
| The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. | ||||
| CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2025-04-30 | 6.5 Medium |
| The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | ||||
| CVE-2021-25976 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-30 | 8.1 High |
| In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. | ||||
| CVE-2021-25965 | 1 Janeczku | 1 Calibre-web | 2025-04-30 | 8.8 High |
| In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. | ||||
| CVE-2022-43693 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | 8.8 High |
| Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. | ||||
| CVE-2025-27189 | 1 Adobe | 1 Commerce B2b | 2025-04-30 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website. | ||||
| CVE-2022-43548 | 3 Debian, Nodejs, Redhat | 5 Debian Linux, Node.js, Enterprise Linux and 2 more | 2025-04-30 | 8.1 High |
| An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | ||||
| CVE-2022-42246 | 1 Duofoxtechnologies | 1 Duofox Cms | 2025-04-29 | 8.8 High |
| Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. | ||||
| CVE-2020-23582 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 6.5 Medium |
| A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. | ||||
| CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2025-04-29 | 8.8 High |
| An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | ||||
| CVE-2020-23593 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 6.5 Medium |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port. | ||||
| CVE-2020-23592 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 8.8 High |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials. | ||||