Total
8165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9334 | 1 Bird Feeder Project | 1 Bird Feeder | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or (2) password parameter in the bird-feeder page to wp-admin/options-general.php. | |||||
| CVE-2014-9437 | 1 Sliding Social Icons Project | 1 Sliding Social Icons | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php. | |||||
| CVE-2015-0705 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494. | |||||
| CVE-2015-1581 | 1 Mobile Domain Project | 1 Mobile Domain | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php. | |||||
| CVE-2014-8246 | 1 Broadcom | 1 Release Automation | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-6188 | 1 Hp | 1 System Management Homepage | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-0933 | 1 Ibm | 1 Infosphere Information Server Metadata Workbench | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-0944 | 1 Ibm | 1 Operational Decision Manager | 2025-04-12 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-1585 | 1 Fatfreecrm | 1 Fat Free Crm | 2025-04-12 | 6.8 MEDIUM | N/A |
| Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account. | |||||
| CVE-2014-0126 | 1 Moodle | 1 Moodle | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file. | |||||
| CVE-2014-3115 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. | |||||
| CVE-2014-9394 | 1 Pwgrandom Project | 1 Pwgrandom | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. | |||||
| CVE-2016-6417 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 4.10.2 through 6.1.0 and Firepower Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCva21636. | |||||
| CVE-2013-2699 | 1 Underconstruction Project | 1 Underconstruction | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. | |||||
| CVE-2014-9460 | 1 Justin Klein | 1 Wp-vipergb | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. | |||||
| CVE-2015-6330 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. | |||||
| CVE-2014-7190 | 1 Openfiler | 1 Openfiler | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html. | |||||
| CVE-2012-1203 | 1 Syndeocms | 1 Syndeocms | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action. | |||||
| CVE-2015-0596 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. | |||||
| CVE-2016-4494 | 1 Kmc Controls | 2 Bac-5051e, Bac-5051e Firmware | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for requests that disclose the contents of a configuration file. | |||||