| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295. |
| In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback
Current code blindly writes over the SWERR and the OVERFLOW bits. Write
back the bits actually read instead so the driver avoids clobbering the
OVERFLOW bit that comes after the register is read. |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Edge for Android Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Azure Active Directory B2C Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. |
| HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.
|
| The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack |
| The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks |
| Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. |
| The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options |
| The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP |
| The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blog |
