Total
7595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6497 | 1 Microfocus | 2 Cms Server, Universal Cmbd Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | |||||
| CVE-2018-6496 | 1 Microfocus | 1 Universal Cmbd Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | |||||
| CVE-2018-6467 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. | |||||
| CVE-2018-6458 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. | |||||
| CVE-2018-6408 | 1 Conceptronic | 3 Cipcamptiwl, Cipcamptiwl Firmware, Cipcamptiwl Web Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account. | |||||
| CVE-2018-6391 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. | |||||
| CVE-2018-6357 | 1 Acurax | 1 Social Media Widget | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | |||||
| CVE-2018-6288 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2018-6224 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. | |||||
| CVE-2018-6023 | 1 Fastweb | 2 Fastgate, Fastgate Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. | |||||
| CVE-2018-6009 | 1 Yiiframework | 1 Yiiframework | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | |||||
| CVE-2018-6007 | 1 Joomsky | 1 Js Support Ticket | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | |||||
| CVE-2018-5976 | 1 Rsvp Invitation Online Project | 1 Rsvp Invitation Online | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | |||||
| CVE-2018-5969 | 1 Photography Cms Project | 1 Photography Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | |||||
| CVE-2018-5921 | 1 Hp | 387 A2w75a, A2w75a Firmware, A2w76a and 384 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege. | |||||
| CVE-2018-5720 | 1 Dodocool | 2 Dc38, Dc38 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc. | |||||
| CVE-2018-5673 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php. | |||||
| CVE-2018-5669 | 1 Read And Understood Project | 1 Read And Understood | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php. | |||||
| CVE-2018-5658 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php. | |||||
| CVE-2018-5656 | 1 Weblizar | 1 Pinterest-feeds | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php. | |||||