Total
9397 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17905 | 1 Car Rental Script Project | 1 Car Rental Script | 2025-04-20 | N/A |
| PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | ||||
| CVE-2017-16565 | 1 Grandstream | 2 Ht802, Ht802 Firmware | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | ||||
| CVE-2015-5607 | 2 Fedoraproject, Ipython | 2 Fedora, Ipython | 2025-04-20 | N/A |
| Cross-site request forgery in the REST API in IPython 2 and 3. | ||||
| CVE-2017-15729 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. | ||||
| CVE-2017-15084 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | N/A |
| The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | ||||
| CVE-2017-14011 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2025-04-20 | N/A |
| A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device. | ||||
| CVE-2016-9975 | 1 Ibm | 2 Dashboard Application Services Hub, Jazz For Service Management | 2025-04-20 | N/A |
| IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. | ||||
| CVE-2017-15735 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | N/A |
| In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | ||||
| CVE-2016-4886 | 1 Basercms | 1 Basercms | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2017-12593 | 1 Asus | 2 Dsl-n10s Firmware, Dsl-n10s Router | 2025-04-20 | N/A |
| ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | ||||
| CVE-2017-11193 | 1 Pulsesecure | 1 Pulse Connect Secure | 2025-04-20 | N/A |
| Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page. | ||||
| CVE-2014-0120 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | ||||
| CVE-2014-9565 | 1 Ibm | 4 En6131, En6131 Firmware, Ib6131 and 1 more | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | ||||
| CVE-2017-10680 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | ||||
| CVE-2017-7446 | 1 Helpdezk | 1 Helpdezk | 2025-04-20 | N/A |
| HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | ||||
| CVE-2015-3655 | 1 Arubanetworks | 1 Clearpass | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. | ||||
| CVE-2015-0276 | 1 Kallithea-scm | 1 Kallithea | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | ||||
| CVE-2016-7822 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. | ||||
| CVE-2017-9518 | 1 Atmail | 1 Atmail | 2025-04-20 | N/A |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. | ||||
| CVE-2017-9517 | 1 Atmail | 1 Atmail | 2025-04-20 | N/A |
| atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | ||||