Export limit exceeded: 366632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10347 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3792 | 1 Beetel | 2 450tc2 Router, 450tc2 Router Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1. | ||||
| CVE-2014-0933 | 1 Ibm | 1 Infosphere Information Server Metadata Workbench | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-3388 | 1 Balanced | 1 Commerce Balanced Payments | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors. | ||||
| CVE-2014-0929 | 1 Ibm | 1 Connections | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions. | ||||
| CVE-2015-6523 | 1 Portfolio Project | 1 Portfolio | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php. | ||||
| CVE-2014-0885 | 1 Ibm | 1 Lotus Protector For Mail Security | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-4281 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | ||||
| CVE-2016-4845 | 1 Iodata | 13 Hvl-a, Hvl-a2.0 Firmware, Hvl-a3.0 Firmware and 10 more | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. | ||||
| CVE-2016-2863 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-0873 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-6541 | 1 Zimbra | 1 Zimbra Collaboration Server | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. | ||||
| CVE-2016-4820 | 1 Iodata | 2 Etx-r, Etx-r Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-2350 | 1 Mikrotik | 1 Routeros | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg. | ||||
| CVE-2014-3760 | 1 Dlink | 2 Dap 1150, Dap 1150 Firmware | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5) delete URL-filter settings in the Control/URL-filter section via a request to index.cgi, as demonstrated by adding a rule that blocks access to google.com. | ||||
| CVE-2015-5188 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission. | ||||
| CVE-2015-5571 | 6 Adobe, Apple, Google and 3 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | N/A |
| Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333. | ||||
| CVE-2015-5660 | 1 Extplorer | 1 Extplorer | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code. | ||||
| CVE-2015-5665 | 1 Lockon | 1 Ec-cube | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function. | ||||
| CVE-2014-0641 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-5990 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | ||||