Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25976 | 1 Dotnetfoundation | 1 Piranha Cms | 2021-11-17 | 4.0 MEDIUM | 8.1 HIGH |
| In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. | |||||
| CVE-2021-3683 | 1 Showdoc | 1 Showdoc | 2021-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-3775 | 1 Showdoc | 1 Showdoc | 2021-11-16 | 5.8 MEDIUM | 5.4 MEDIUM |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-3776 | 1 Showdoc | 1 Showdoc | 2021-11-16 | 5.8 MEDIUM | 5.4 MEDIUM |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2020-21141 | 1 Idreamsoft | 1 Icms | 2021-11-16 | 6.8 MEDIUM | 8.8 HIGH |
| iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | |||||
| CVE-2021-3932 | 1 Area17 | 1 Twill | 2021-11-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| twill is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-3931 | 1 Snipeitapp | 1 Snipe-it | 2021-11-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-3921 | 1 Firefly-iii | 1 Firefly Iii | 2021-11-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-40518 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2021-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Airangel HSMX Gateway devices through 5.2.04 allow CSRF. | |||||
| CVE-2021-24832 | 1 Wp Seo Redirect 301 Project | 1 Wp Seo Redirect 301 | 2021-11-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack | |||||
| CVE-2020-28137 | 1 Genexis | 2 Platinum 4410, Platinum 4410 Firmware | 2021-11-13 | 7.1 HIGH | 6.5 MEDIUM |
| Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router. | |||||
| CVE-2021-41426 | 1 Beeline | 2 Smart Box, Smart Box Firmware | 2021-11-12 | 6.8 MEDIUM | 8.8 HIGH |
| Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. | |||||
| CVE-2021-24767 | 1 Fullworks | 1 Redirect 404 Error Page To Homepage Or Custom Page With Logs | 2021-11-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack | |||||
| CVE-2013-0205 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2021-11-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | |||||
| CVE-2021-24674 | 1 Genie Wp Favicon Project | 1 Genie Wp Favicon | 2021-11-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack | |||||
| CVE-2021-24806 | 1 Gvectors | 1 Wpdiscuz | 2021-11-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment. | |||||
| CVE-2021-24809 | 1 Wordplus | 1 Better Messages | 2021-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions | |||||
| CVE-2009-2816 | 4 Apple, Fedoraproject, Google and 1 more | 5 Iphone Os, Safari, Fedora and 2 more | 2021-11-08 | 6.8 MEDIUM | N/A |
| The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | |||||
| CVE-2020-23686 | 1 Ayacms Project | 1 Ayacms | 2021-11-08 | 6.8 MEDIUM | 8.8 HIGH |
| Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | |||||
| CVE-2019-11203 | 1 Tibco | 2 Activematrix Business Process Management, Silver Fabric Enabler | 2021-11-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1. | |||||