Total
7648 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31760 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | |||||
| CVE-2021-31679 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers. | |||||
| CVE-2021-31678 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company. | |||||
| CVE-2021-31677 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords. | |||||
| CVE-2021-31659 | 1 Tp-link | 4 Tl-sg2005, Tl-sg2005 Firmware, Tl-sg2008 and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. | |||||
| CVE-2021-31631 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. | |||||
| CVE-2021-31604 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. | |||||
| CVE-2021-31584 | 1 Sipwise | 1 Next Generation Communication Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. | |||||
| CVE-2021-31152 | 1 Multilaser | 2 Ac1200 Re018, Ac1200 Re018 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. | |||||
| CVE-2021-30224 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. | |||||
| CVE-2021-30147 | 1 Dmasoftlab | 1 Radius Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. | |||||
| CVE-2021-30114 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege. | |||||
| CVE-2021-30112 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege. | |||||
| CVE-2021-29995 | 1 Cloverdx | 1 Cloverdx | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1. | |||||
| CVE-2021-29888 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123. | |||||
| CVE-2021-29837 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | |||||
| CVE-2021-29823 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. | |||||
| CVE-2021-29816 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204341. | |||||
| CVE-2021-29757 | 1 Ibm | 1 Qradar User Behavior Analytics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168. | |||||
| CVE-2021-29756 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167. | |||||