Total
7939 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6408 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | |||||
| CVE-2016-2901 | 1 Ibm | 2 Web Content Manager, Websphere Portal | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-2295 | 1 Netgate | 1 Pfsense | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter. | |||||
| CVE-2016-3004 | 1 Ibm | 1 Connections | 2025-04-12 | 4.9 MEDIUM | 4.6 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications. | |||||
| CVE-2016-0386 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees. | |||||
| CVE-2014-9454 | 1 Simple Sticky Footer Project | 1 Simple Sticky Footer | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. | |||||
| CVE-2016-3007 | 1 Ibm | 1 Connections | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users. | |||||
| CVE-2014-4188 | 1 Hitachi | 2 Jp1\/performance Management-manager Web Option, Tuning Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-2700 | 1 Webmaster-source | 1 Wp125 | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors. | |||||
| CVE-2016-2963 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-4390 | 1 User Import Project | 1 User Import | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors. | |||||
| CVE-2013-7057 | 1 Axway | 1 Securetransport | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/. | |||||
| CVE-2015-5996 | 1 Mediabridge | 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-0651 | 1 Cisco | 1 Application Networking Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. | |||||
| CVE-2015-2961 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2015-4010 | 1 Everybit | 1 Encrypted Contact Form | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php. | |||||
| CVE-2016-9866 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2014-8331 | 1 Huawei | 2 E3236 Firmware, E3276 Firmware | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions. | |||||
| CVE-2015-3370 | 1 Node Invite Project | 1 Node Invite | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors. | |||||
| CVE-2014-8523 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||