Total: 6287 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-1631 | 1 Ibm | 1 Jazz For Service Management | 2024-09-16 | N/A |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | ||||
CVE-2012-5898 | 1 Samedia | 1 Landshop | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings. | ||||
CVE-2010-3884 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2010-4729 | 1 Zikula | 1 Zikula Application Framework | 2024-09-16 | N/A |
Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions. | ||||
CVE-2018-1455 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-09-16 | N/A |
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. | ||||
CVE-2018-1230 | 1 Pivotal Software | 1 Spring Batch Admin | 2024-09-16 | N/A |
Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. | ||||
CVE-2018-7524 | 1 Geutebrueck | 4 G-cam/efd-2250, G-cam/efd-2250 Firmware, Topfd-2125 and 1 more | 2024-09-16 | N/A |
A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. | ||||
CVE-2022-30337 | 1 Joomunited | 1 Wp Meta Seo | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. | ||||
CVE-2017-15734 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-09-16 | N/A |
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | ||||
CVE-2017-9641 | 1 Osisoft | 1 Pi Coresight | 2024-09-16 | N/A |
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability. | ||||
CVE-2021-29816 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-09-16 | 6.5 Medium |
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341. | ||||
CVE-2022-38139 | 1 Rdstation | 1 Rd Station | 2024-09-16 | 5.4 Medium |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress. | ||||
CVE-2021-36914 | 1 Claderaform | 1 Calderawp License Manager | 2024-09-16 | 6.1 Medium |
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | ||||
CVE-2022-22686 | 1 Synology | 1 Calendar | 2024-09-16 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors. | ||||
CVE-2020-4018 | 1 Atlassian | 2 Crucible, Fisheye | 2024-09-16 | 8.8 High |
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | ||||
CVE-2023-45107 | 1 Goodbarber | 1 Goodbarber | 2024-09-16 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions. | ||||
CVE-2017-15084 | 1 Rapid7 | 1 Metasploit | 2024-09-16 | N/A |
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | ||||
CVE-2020-4992 | 1 Ibm | 1 Datapower Gateway | 2024-09-16 | 6.5 Medium |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. | ||||
CVE-2019-4515 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-09-16 | 6.5 Medium |
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. | ||||
CVE-2023-45108 | 1 Mailrelay | 1 Mailrelay | 2024-09-16 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions. |