Search Results (10185 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35615 | 1 Joomla | 1 Joomla! | 2026-02-24 | 6.3 Medium |
| An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability. | ||||
| CVE-2025-70062 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-23 | 6.5 Medium |
| PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page. | ||||
| CVE-2020-36908 | 1 Securecomputing | 2 Snapgear Sg560, Snapgear Sg560 Firmware | 2026-02-23 | 5.3 Medium |
| SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page. | ||||
| CVE-2024-55271 | 1 Phpgurukul | 1 Gym Management System | 2026-02-23 | 3.5 Low |
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint. | ||||
| CVE-2025-15405 | 1 Phpems | 1 Phpems | 2026-02-23 | 4.3 Medium |
| A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. | ||||
| CVE-2019-1163 | 1 Microsoft | 9 Windows 10, Windows 10 1507, Windows 10 1607 and 6 more | 2026-02-20 | 5.5 Medium |
| A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures. | ||||
| CVE-2024-55089 | 1 Rhymix | 1 Rhymix | 2026-02-20 | 4.1 Medium |
| Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities. | ||||
| CVE-2025-13333 | 1 Ibm | 1 Websphere Application Server | 2026-02-20 | 4.4 Medium |
| IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | ||||
| CVE-2020-37158 | 2 Avideo, Wwbn | 2 Avideo Platform, Avideo | 2026-02-20 | 5.3 Medium |
| AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication. | ||||
| CVE-2025-49715 | 1 Microsoft | 2 Dynamics 365, Dynamics 365 Fasttrack Implementation | 2026-02-20 | 7.5 High |
| Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-47967 | 2 Google, Microsoft | 3 Android, Edge, Edge Chromium | 2026-02-20 | 4.7 Medium |
| Insufficient UI warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-13982 | 2 Drupal, Innoraft | 2 Login Time Restriction, Login Time Restriction | 2026-02-19 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery. This issue affects Login Time Restriction: from 0.0.0 before 1.0.3. | ||||
| CVE-2023-41970 | 1 Zscaler | 1 Client Connector | 2026-02-19 | 6 Medium |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code. This issue affects Client Connector on Windows: before 4.1.0.62. | ||||
| CVE-2018-17366 | 1 Mingsoft | 1 Mcms | 2026-02-19 | N/A |
| An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | ||||
| CVE-2020-37173 | 2 Avideo, Wwbn | 2 Avideo Platform, Avideo | 2026-02-18 | 7.5 High |
| AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter. | ||||
| CVE-2024-23462 | 1 Zscaler | 1 Client Connector | 2026-02-17 | 3.3 Low |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality. This issue affects Client Connector on MacOS: before 3.4. | ||||
| CVE-2024-23461 | 1 Zscaler | 1 Client Connector | 2026-02-17 | 4.2 Medium |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code. This issue affects Client Connector on MacOS: before 3.4. | ||||
| CVE-2022-0088 | 1 Yourls | 1 Yourls | 2026-02-16 | 7.4 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. | ||||
| CVE-2025-21193 | 1 Microsoft | 6 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 3 more | 2026-02-13 | 6.5 Medium |
| Active Directory Federation Server Spoofing Vulnerability | ||||
| CVE-2025-21267 | 1 Microsoft | 1 Edge Chromium | 2026-02-13 | 4.4 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||