Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12427 | 3 Apple, Microsoft, Westerndigital | 3 Macos, Windows, Wd Discovery | 2021-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. | |||||
| CVE-2021-39133 | 1 Pagerduty | 1 Rundeck | 2021-09-08 | 6.0 MEDIUM | 6.8 MEDIUM |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all Rundeck editions. Patches are available in Rundeck versions 3.4.3 and 3.3.14. | |||||
| CVE-2021-27557 | 1 Easycorp | 1 Zentao | 2021-09-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. | |||||
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. | |||||
| CVE-2021-32991 | 1 Deltaww | 1 Diaenergie | 2021-09-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. | |||||
| CVE-2013-2699 | 1 Underconstruction Project | 1 Underconstruction | 2021-09-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. | |||||
| CVE-2020-18124 | 1 Indexhibit | 1 Indexhibit | 2021-09-02 | 4.0 MEDIUM | 5.7 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | |||||
| CVE-2020-18123 | 1 Indexhibit | 1 Indexhibit | 2021-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | |||||
| CVE-2021-40174 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | |||||
| CVE-2021-40173 | 1 Zohocorp | 1 Manageengine Cloud Security Plus | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | |||||
| CVE-2021-40172 | 1 Zohocorp | 1 Manageengine Log360 | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | |||||
| CVE-2021-3734 | 1 Yourls | 1 Yourls | 2021-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | |||||
| CVE-2021-23431 | 1 Joplinapp | 1 Joplin | 2021-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. | |||||
| CVE-2020-18917 | 1 Dedecms | 1 Dedecms | 2021-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | |||||
| CVE-2021-28070 | 1 Popojicms | 1 Popojicms | 2021-08-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. | |||||
| CVE-2020-24130 | 1 Ponzu-cms | 1 Ponzu | 2021-08-30 | 4.3 MEDIUM | 8.1 HIGH |
| A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. | |||||
| CVE-2021-3728 | 1 Firefly-iii | 1 Firefly Iii | 2021-08-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-3729 | 1 Firefly-iii | 1 Firefly Iii | 2021-08-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-3730 | 1 Firefly-iii | 1 Firefly Iii | 2021-08-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
| CVE-2021-39243 | 1 Altus | 30 Hadron Xtorm Hx3040, Hadron Xtorm Hx3040 Firmware, Nexto Nx3003 and 27 more | 2021-08-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | |||||