Total: 7940 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-41083 | 1 Dadamailproject | 1 Dada Mail | 2024-11-21 | 6.8 MEDIUM | 8.0 HIGH |
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc., that, when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password, which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no known CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing, and by a third party. Users are advised to update to version 11.16.0. | |||||
CVE-2021-40965 | 1 Tinyfilemanager Project | 1 Tinyfilemanager | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability exists in all versions of TinyFileManager up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. | |||||
CVE-2021-40662 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. | |||||
CVE-2021-40518 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Airangel HSMX Gateway devices through 5.2.04 allow CSRF. | |||||
CVE-2021-40335 | 1 Hitachienergy | 2 Modular Switchgear Monitoring, Modular Switchgear Monitoring Firmware | 2024-11-21 | N/A | 5.0 MEDIUM |
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This causes a Cross-Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker who successfully gets an MSM user who has already established a session to the MSM web interface to click a forged link to the MSM web interface (e.g., a link sent by e-mail) could perform harmful commands on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions. | |||||
CVE-2021-40174 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | |||||
CVE-2021-40173 | 1 Zohocorp | 1 Manageengine Cloud Security Plus | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | |||||
CVE-2021-40172 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | |||||
CVE-2021-40108 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. | |||||
CVE-2021-3993 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3976 | 1 Kimai | 1 Kimai 2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3963 | 1 Kimai | 1 Kimai 2 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3957 | 1 Kimai | 1 Kimai 2 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3944 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
bookstack is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3932 | 1 Area17 | 1 Twill | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
twill is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3931 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3921 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3901 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3900 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2021-3858 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) |