Export limit exceeded: 363079 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9397 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7715 | 1 Realtyna | 1 Realtyna Property Listing | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php. | ||||
| CVE-2016-2539 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | ||||
| CVE-2016-4315 | 1 Wso2 | 1 Carbon | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. | ||||
| CVE-2017-5489 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. | ||||
| CVE-2017-7423 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2025-04-20 | N/A |
| A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default. | ||||
| CVE-2016-4882 | 1 Basercms | 1 Basercms | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2017-3794 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | N/A |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. | ||||
| CVE-2017-17774 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| admin/configuration.php in Piwigo 2.9.2 has CSRF. | ||||
| CVE-2017-1631 | 1 Ibm | 1 Jazz For Service Management | 2025-04-20 | N/A |
| IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | ||||
| CVE-2016-7507 | 1 Glpi-project | 1 Glpi | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | ||||
| CVE-2017-7926 | 1 Osisoft | 1 Pi Web Api | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. | ||||
| CVE-2015-9233 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2025-04-20 | 8.8 High |
| The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | ||||
| CVE-2017-10678 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | ||||
| CVE-2017-11680 | 1 Project Hashtopussy | 1 Hashtopussy | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. | ||||
| CVE-2017-11679 | 1 Hashtopus Project | 1 Hashtopus | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | ||||
| CVE-2017-14530 | 1 Crony Cronjob Manager Project | 1 Crony Cronjob Manager | 2025-04-20 | 8.0 High |
| WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | ||||
| CVE-2015-5182 | 1 Redhat | 1 Amq | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | ||||
| CVE-2024-30617 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 5.4 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge. | ||||
| CVE-2024-3756 | 1 Mf Gig Calendar Project | 1 Mf Gig Calendar | 2025-04-18 | 7.5 High |
| The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack | ||||
| CVE-2024-51156 | 1 07fly | 1 07flycms | 2025-04-18 | 4.7 Medium |
| 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'. | ||||