Export limit exceeded: 364348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10321 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32162 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. | ||||
| CVE-2021-32159 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | ||||
| CVE-2021-32156 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | ||||
| CVE-2021-32122 | 1 Netgear | 8 Ex3700, Ex3700 Firmware, Ex3800 and 5 more | 2024-11-21 | 9.8 Critical |
| Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44. | ||||
| CVE-2021-32096 | 1 Nsa | 1 Emissary | 2024-11-21 | 8.8 High |
| The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter. | ||||
| CVE-2021-32073 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution. | ||||
| CVE-2021-31913 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. | ||||
| CVE-2021-31762 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | ||||
| CVE-2021-31760 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | ||||
| CVE-2021-31679 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.5 Medium |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers. | ||||
| CVE-2021-31678 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.5 Medium |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company. | ||||
| CVE-2021-31677 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.5 Medium |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords. | ||||
| CVE-2021-31659 | 1 Tp-link | 4 Tl-sg2005, Tl-sg2005 Firmware, Tl-sg2008 and 1 more | 2024-11-21 | 8.8 High |
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. | ||||
| CVE-2021-31631 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | 8.8 High |
| b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. | ||||
| CVE-2021-31604 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2024-11-21 | 6.5 Medium |
| furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. | ||||
| CVE-2021-31584 | 1 Sipwise | 1 Next Generation Communication Platform | 2024-11-21 | 8.8 High |
| Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. | ||||
| CVE-2021-31375 | 1 Juniper | 1 Junos | 2024-11-21 | 7.2 High |
| An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2. | ||||
| CVE-2021-31152 | 1 Multilaser | 2 Ac1200 Re018, Ac1200 Re018 Firmware | 2024-11-21 | 8.8 High |
| Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. | ||||
| CVE-2021-30224 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. | ||||
| CVE-2021-30147 | 1 Dmasoftlab | 1 Radius Manager | 2024-11-21 | 8.8 High |
| DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. | ||||