Total
9168 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11455 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2025-04-20 | N/A |
| diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | ||||
| CVE-2017-6127 | 1 Digisol | 2 Dg-hr1400, Dg-hr1400 Firmware | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. | ||||
| CVE-2017-1000244 | 1 Jenkins | 1 Favorite | 2025-04-20 | N/A |
| Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | ||||
| CVE-2016-8018 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input. | ||||
| CVE-2015-2143 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. | ||||
| CVE-2017-9413 | 1 Subsonic | 1 Subsonic | 2025-04-20 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks. | ||||
| CVE-2017-9062 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | N/A |
| In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | ||||
| CVE-2016-6103 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2016-5937 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2016-5758 | 1 Netiq | 1 Access Manager | 2025-04-20 | N/A |
| A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | ||||
| CVE-2016-4928 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
| Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | ||||
| CVE-2016-4891 | 1 Setucocms Project | 1 Setucocms | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. | ||||
| CVE-2016-4808 | 1 Web2py | 1 Web2py | 2025-04-20 | N/A |
| Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. | ||||
| CVE-2017-17990 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | N/A |
| Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | ||||
| CVE-2016-4315 | 1 Wso2 | 1 Carbon | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp. | ||||
| CVE-2016-4311 | 1 Wso2 | 1 Identity Server | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request. | ||||
| CVE-2016-5372 | 1 Netapp | 1 Snap Creator Framework | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | ||||
| CVE-2015-8624 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
| The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. | ||||
| CVE-2016-7809 | 1 Corega | 2 Cg-wlr300nx, Cg-wlr300nx Firmware | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. | ||||
| CVE-2016-10206 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. | ||||