Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8360 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-15781 1 Weblizar 1 Social Likebox \& Feed 2024-11-21 N/A
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
CVE-2019-15779 1 Quadlayers 1 Wp Social Feed Gallery 2024-11-21 N/A
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.
CVE-2019-15770 1 Hallme 1 Woocommerce Address Book 2024-11-21 N/A
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks.
CVE-2019-15769 1 Haktansuren 1 Handl Utm Grabber 2024-11-21 N/A
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.
CVE-2019-15660 1 Butlerblog 1 Wp-members 2024-11-21 N/A
The wp-members plugin before 3.2.8 for WordPress has CSRF.
CVE-2019-15648 1 Elearningfreak 1 Insert Or Embed Articulate Content 2024-11-21 N/A
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber.
CVE-2019-15645 1 Zoho 1 Salesiq 2024-11-21 N/A
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
CVE-2019-15515 1 Discourse 1 Discourse 2024-11-21 N/A
Discourse 2.3.2 sends the CSRF token in the query string.
CVE-2019-15496 1 Manageyourteam 1 Myt Project Management 2024-11-21 N/A
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
CVE-2019-15491 1 It-novum 1 Openitcockpit 2024-11-21 N/A
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.
CVE-2019-15329 1 Codection 1 Import Users From Csv With Meta 2024-11-21 N/A
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
CVE-2019-15238 1 Cformsii Project 1 Cformsii 2024-11-21 N/A
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
CVE-2019-15229 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 N/A
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
CVE-2019-15164 1 Tcpdump 1 Libpcap 2024-11-21 5.3 Medium
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
CVE-2019-15150 1 Schine.games 1 Mw-oauth2client 2024-11-21 8.8 High
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
CVE-2019-15128 1 If.svnadmin Project 1 If.svnadmin 2024-11-21 N/A
iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user.
CVE-2019-15115 1 Profilepress 1 Loginwp 2024-11-21 N/A
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
CVE-2019-15114 1 Ncrafts 1 Formcraft 2024-11-21 N/A
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
CVE-2019-15113 1 Codeermeneer 1 Companion Sitemap Generator 2024-11-21 N/A
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.
CVE-2019-15089 1 Prise 1 Adas 2024-11-21 8.8 High
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.