Total
8885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2034 | 2 Cloudbees, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors. | ||||
| CVE-2014-10027 | 1 Dlink | 2 Dap-1360, Dap-1360 Firmware | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. | ||||
| CVE-2012-5695 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message. | ||||
| CVE-2012-5701 | 1 Dotproject | 1 Dotproject | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2015-4010 | 1 Everybit | 1 Encrypted Contact Form | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php. | ||||
| CVE-2015-4140 | 1 Wp Smiley Project | 1 Wp Smiley | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.php. | ||||
| CVE-2011-5318 | 1 Diafan | 1 Diafan.cms | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/. | ||||
| CVE-2016-6442 | 1 Cisco | 1 Finesse | 2025-04-12 | N/A |
| A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). | ||||
| CVE-2015-5338 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php. | ||||
| CVE-2013-7334 | 1 Imagecms | 1 Imagecms | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290. | ||||
| CVE-2013-7352 | 1 B2evolution | 1 B2evolution | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945. | ||||
| CVE-2013-7407 | 1 Drupal | 1 Mrbs Module | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-4189 | 1 Cisco | 1 Data Center Analytics Framework | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. | ||||
| CVE-2015-2983 | 1 Php Kobo | 1 Photo Gallery Cms Free | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2014-0151 | 1 Redhat | 2 Ovirt-engine, Rhev Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. | ||||
| CVE-2014-0168 | 2 Jolokia, Redhat | 3 Jolokia, Jboss Amq, Jboss Fuse | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. | ||||
| CVE-2014-0213 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests. | ||||
| CVE-2012-1203 | 1 Syndeocms | 1 Syndeocms | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action. | ||||
| CVE-2016-2157 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins. | ||||
| CVE-2013-3086 | 1 Belkin | 2 N900, N900 Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | ||||