Total: 6253 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-36886 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2024-09-16 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). | ||||
CVE-2017-18080 | 1 Atlassian | 1 Bamboo | 2024-09-16 | N/A |
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | ||||
CVE-2011-1482 | 1 Phpnuke | 1 Php-nuke | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison. | ||||
CVE-2018-1858 | 1 Ibm | 1 Api Connect | 2024-09-16 | 8.8 High |
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256. | ||||
CVE-2010-2282 | 1 Tomatocms | 1 Tomatocms | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. | ||||
CVE-2019-9603 | 1 1234n | 1 Minicms | 2024-09-16 | N/A |
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891. | ||||
CVE-2020-4917 | 1 Ibm | 1 Cloud Pak System | 2024-09-16 | 8.8 High |
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. | ||||
CVE-2012-3231 | 1 Webatall | 1 Web@all | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php. | ||||
CVE-2022-22346 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-09-16 | 8.8 High |
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. | ||||
CVE-2022-29454 | 1 Wordplus | 1 Better Messages | 2024-09-16 | 3.1 Low |
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | ||||
CVE-2022-23975 | 1 Accesspressthemes | 1 Access Demo Importer | 2024-09-16 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. | ||||
CVE-2013-7256 | 1 Opsview | 1 Opsview | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2012-3028 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. | ||||
CVE-2022-40687 | 1 Constantcontact | 1 Creative Mail | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. | ||||
CVE-2009-2005 | 1 Dokeos | 1 Dokeos | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors. | ||||
CVE-2017-12853 | 1 Rtsindia | 2 Rwr-3g-100, Rwr-3g-100 Firmware | 2024-09-16 | N/A |
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF, an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | ||||
CVE-2018-13445 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. | ||||
CVE-2019-11203 | 1 Tibco | 2 Activematrix Business Process Management, Silver Fabric Enabler | 2024-09-16 | 6.1 Medium |
The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1. | ||||
CVE-2021-23227 | 1 Php Everywhere Project | 1 Php Everywhere | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions. | ||||
CVE-2017-1300 | 1 Ibm | 1 Openpages Grc Platform | 2024-09-16 | N/A |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162. |