Export limit exceeded: 10307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10307 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41263 1 Sap 1 Business Objects Business Intelligence Platform 2025-04-22 4.3 Medium
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.
CVE-2022-46074 1 Helmet Store Showroom Project 1 Helmet Store Showroom 2025-04-22 8.8 High
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.
CVE-2022-46062 1 Gym Management System Project 1 Gym Management System 2025-04-22 4.5 Medium
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2024-42612 2 Pigg, Pligg 2 Cms, Pligg Cms 2025-04-21 8.8 High
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add
CVE-2024-42619 2 Kliqqi, Pligg 2 Kliqqi Cms, Pligg Cms 2025-04-21 8.8 High
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
CVE-2022-30694 1 Siemens 223 6ag1151-8ab01-7ab0, 6ag1151-8ab01-7ab0 Firmware, 6ag1151-8fb01-2ab0 and 220 more 2025-04-21 6.5 Medium
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
CVE-2015-4639 1 Koha 1 Koha 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
CVE-2017-6916 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed.
CVE-2012-4568 1 Letodms Project 1 Letodms 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2017-17827 1 Piwigo 1 Piwigo 2025-04-20 N/A
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
CVE-2017-15734 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVE-2017-17830 1 Doditsolutions 1 Bus Booking Script 2025-04-20 N/A
Bus Booking Script has CSRF via admin/new_master.php.
CVE-2017-2223 1 Iodata 14 Ts-ptcam\/poe Camera, Ts-ptcam\/poe Camera Firmware, Ts-ptcam Camera and 11 more 2025-04-20 N/A
Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2017-7177 1 Openinfosecfoundation 1 Suricata 2025-04-20 N/A
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
CVE-2017-5943 1 Bestpractical 1 Request Tracker 2025-04-20 N/A
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
CVE-2017-5187 1 Microfocus 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more 2025-04-20 N/A
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
CVE-2016-10313 1 Jensenofscandinavia 6 Al3g, Al3g Firmware, Al5000ac and 3 more 2025-04-20 N/A
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages.
CVE-2017-11726 1 Connectwise 1 Manage 2025-04-20 N/A
services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.
CVE-2017-7620 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.
CVE-2016-1000218 1 Elastic 1 Kibana Reporting 2025-04-20 N/A
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.