Total: 6289 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1000843 | 1 Spotify | 1 Luigi | 2024-09-16 | N/A |
Luigi versions prior to 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contain a Cross-Site Request Forgery (CSRF) vulnerability in the API endpoint /api/<method> that can result in task metadata such as task name, id, parameter, etc. being leaked to unauthorized users. This attack appears to be exploitable when the victim visits a specially crafted webpage from the network where their Luigi server is accessible. This vulnerability appears to have been fixed in 2.8.0 and later. | ||||
CVE-2020-4617 | 1 Ibm | 1 Data Risk Manager | 2024-09-16 | 8.1 High |
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930. | ||||
CVE-2018-16416 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. | ||||
CVE-2018-15203 | 1 Ignitedcms | 1 Ignitedcms | 2024-09-16 | 6.5 Medium |
An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. | ||||
CVE-2022-41996 | 1 Theme-fusion | 1 Avada | 2024-09-16 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. | ||||
CVE-2011-1104 | 1 Mutare | 1 Evm | 2024-09-16 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare EVM allow remote attackers to hijack the authentication of arbitrary users for requests that (1) change a PIN, (2) delete messages, (3) add a delivery address, or (4) change a delivery address. | ||||
CVE-2020-4238 | 1 Ibm | 1 Tivoli Netcool/impact | 2024-09-16 | 8.8 High |
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411. | ||||
CVE-2015-2048 | 1 Dlink | 2 Dcs-931l, Dcs-931l Firmware | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2022-26309 | 1 Pandorafms | 1 Pandora Fms | 2024-09-16 | 3.7 Low |
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. | ||||
CVE-2013-1153 | 1 Cisco | 1 Prime Infrastructure | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676. | ||||
CVE-2010-1732 | 1 Zikula | 1 Zikula Application Framework | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action). | ||||
CVE-2021-36890 | 1 Supsystic | 1 Social Share Buttons | 2024-09-16 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 on WordPress. | ||||
CVE-2019-4613 | 1 Ibm | 1 Planning Analytics | 2024-09-16 | 8.8 High |
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. | ||||
CVE-2012-4478 | 2 David Alkire, Drupal | 2 Drag & Drop Gallery, Drupal | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. | ||||
CVE-2022-29430 | 1 Png To Jpg Project | 1 Png To Jpg | 2024-09-16 | 4.7 Medium |
Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 on WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. | ||||
CVE-2018-0445 | 1 Cisco | 1 Packaged Contact Center Enterprise | 2024-09-16 | N/A |
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. | ||||
CVE-2018-1000206 | 1 Jfrog | 1 Artifactory | 2024-09-16 | N/A |
JFrog Artifactory versions since 5.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack allowing an attacker to perform actions as the logged-in user. This attack appears to be exploitable when the victim runs a maliciously crafted Flash component. This vulnerability appears to have been fixed in 6.1. | ||||
CVE-2020-4675 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Infosphere Master Data Management Server, Linux On Ibm Z and 3 more | 2024-09-16 | 6.5 Medium |
IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. | ||||
CVE-2022-32587 | 1 Codeandmore | 1 Wp Page Widget | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. | ||||
CVE-2022-38454 | 1 Kraken | 1 Kraken.io Image Optimizer | 2024-09-16 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 on WordPress. |