Total
8695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3252 | 1 Lesterchan | 1 Wp-postviews | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | |||||
| CVE-2011-5311 | 1 Cherry-design | 1 Wikipad | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter. | |||||
| CVE-2023-36237 | 1 Webkul | 1 Bagisto | 2025-04-11 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script. | |||||
| CVE-2016-15005 | 1 Golf Project | 1 Golf | 2025-04-11 | N/A | 8.8 HIGH |
| CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests. | |||||
| CVE-2025-2832 | 1 Mingyuefusu | 1 Library Management System | 2025-04-11 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-20347 | 1 Cisco | 1 Emergency Responder | 2025-04-11 | N/A | 4.3 MEDIUM |
| A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device. | |||||
| CVE-2025-32282 | 2025-04-11 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2. | |||||
| CVE-2024-39639 | 1 Iptanus | 1 Wordpress File Upload | 2025-04-11 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7. | |||||
| CVE-2012-1416 | 1 Socialcms | 1 Socialcms | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php. | |||||
| CVE-2013-7256 | 1 Opsview | 1 Opsview | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2011-1403 | 1 Mahara | 1 Mahara | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys. | |||||
| CVE-2012-5450 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter. | |||||
| CVE-2012-5005 | 1 Frankdeveloper | 1 Vr Gpub | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action. | |||||
| CVE-2013-6852 | 1 Hp | 1 2620-24-poe\+ Switch | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method. | |||||
| CVE-2012-5950 | 1 Ibm | 1 Tririga Application Platform | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp. | |||||
| CVE-2011-0746 | 1 Zyxel | 1 O2 Dsl Router Classic | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the PortRule_Name parameter. | |||||
| CVE-2010-0713 | 1 Zenoss | 1 Zenoss | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. | |||||
| CVE-2009-4787 | 1 Pligg | 1 Pligg Cms | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact. | |||||
| CVE-2013-3392 | 1 Cisco | 1 Webex Social | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355. | |||||
| CVE-2013-2158 | 2 Drupal, Services Project | 2 Drupal, Services | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||