Export limit exceeded: 359197 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10218 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5007 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2015-4460 | 1 Boxautomation | 1 C2box | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors. | ||||
| CVE-2015-5412 | 1 Hp | 1 Version Control Repository Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-5445 | 1 Hp | 1 Storeonce Backup System Software | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-5508 | 1 The Extensible Catalog Drupal Toolkit Project | 1 The Extensible Catalog Drupal Toolkit | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request. | ||||
| CVE-2015-5530 | 1 Freereprintables | 1 Articlefr | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/. | ||||
| CVE-2015-5631 | 1 Canon | 1 Pixma Mg7500 Series Inkjet Printer | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. | ||||
| CVE-2015-5990 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-6655 | 1 Pligg | 1 Pligg Cms | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php. | ||||
| CVE-2015-7184 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| CVE-2015-7366 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script. | ||||
| CVE-2015-8131 | 1 Elastic | 1 Kibana | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-8805 | 4 Canonical, Nettle Project, Opensuse and 1 more | 5 Ubuntu Linux, Nettle, Leap and 2 more | 2025-04-12 | N/A |
| The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. | ||||
| CVE-2015-0735 | 1 Cisco | 1 Unified Customer Voice Portal | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. | ||||
| CVE-2015-7278 | 1 Ampedwireless | 2 R10000, R10000 Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-7281 | 1 Readynet Solutions | 2 Wrt300n-dd, Wrt300n-dd Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2013-3258 | 1 Bufferapp | 1 Digg Digg | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors. | ||||
| CVE-2016-1448 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706. | ||||
| CVE-2016-2082 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-5701 | 1 Dotproject | 1 Dotproject | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | ||||