Export limit exceeded: 15927 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1719 | 1 Truzone | 1 Nuke Et | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document. | ||||
| CVE-2009-4349 | 1 Phpwebscripts | 1 Link Up Gold | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | ||||
| CVE-2008-2531 | 1 Buildanichestore3 | 1 Bans | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2009-3022 | 1 Itd-inc | 1 Bingo\!cms | 2026-04-23 | 6.5 Medium |
| Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors. | ||||
| CVE-2008-6480 | 1 Softnews Media Group | 1 Datalife Engine | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter. | ||||
| CVE-2009-1213 | 1 Mozilla | 1 Bugzilla | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing. | ||||
| CVE-2008-7016 | 1 Luke Mewburn | 1 Tnftpd | 2026-04-23 | N/A |
| tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server. | ||||
| CVE-2008-7151 | 2 Drupal, Gurpartap Singh | 2 Drupal, Live | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code. | ||||
| CVE-2009-1036 | 1 Drupal | 2 Drupal, Plus1 | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. | ||||
| CVE-2008-7248 | 1 Rubyonrails | 1 Rails | 2026-04-23 | N/A |
| Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain. | ||||
| CVE-2009-2677 | 1 Hp | 1 Insight Control Suite For Linux | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2009-4572 | 1 Phpshop | 1 Phpshop | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI. | ||||
| CVE-2008-4448 | 1 Positive Software | 1 H-sphere | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions. | ||||
| CVE-2008-5568 | 1 Ipn-mate | 1 Ipn Pro 3 | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters. | ||||
| CVE-2008-4734 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter. | ||||
| CVE-2009-0039 | 1 Apache | 1 Geronimo | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown. | ||||
| CVE-2008-6048 | 1 Tangocms | 1 Tangocms | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators. | ||||
| CVE-2008-6169 | 1 Drupal | 2 Localization Client, Localization Server | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface." | ||||
| CVE-2008-5672 | 1 Phparanoid | 1 Phparanoid | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) admin.php or (2) private messages. | ||||
| CVE-2008-6331 | 1 Streber-pm | 1 Streber | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||