Total: 7796 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-14908 | 1 Samsung | 1 Syncthru Web Service | 2024-11-21 | N/A |
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | ||||
CVE-2018-14892 | 1 Zyxel | 2 Nsa325 V2, Nsa325 V2 Firmware | 2024-11-21 | N/A |
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | ||||
CVE-2018-14783 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2024-11-21 | N/A |
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. | ||||
CVE-2018-14769 | 1 Vivotek | 1 Camera | 2024-11-21 | N/A |
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. | ||||
CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 21 Debian Linux, Jackson-databind, Banking Platform and 18 more | 2024-11-21 | N/A |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | ||||
CVE-2018-14711 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | N/A |
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs. | ||||
CVE-2018-14668 | 1 Yandex | 1 Clickhouse | 2024-11-21 | N/A |
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. | ||||
CVE-2018-14603 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. | ||||
CVE-2018-14583 | 1 Xyhcms | 1 Xyhcms | 2024-11-21 | N/A |
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. | ||||
CVE-2018-14582 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | N/A |
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. | ||||
CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2024-11-21 | N/A |
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. | ||||
CVE-2018-14519 | 1 Getkirby | 1 Kirby | 2024-11-21 | 4.3 Medium |
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page. | ||||
CVE-2018-14421 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. | ||||
CVE-2018-14420 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | ||||
CVE-2018-14331 | 1 Xiaocms | 1 Xiaocms X1 | 2024-11-21 | N/A |
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my. | ||||
CVE-2018-14069 | 1 Srcms Project | 1 Srcms | 2024-11-21 | N/A |
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add. | ||||
CVE-2018-14068 | 1 Srcms Project | 1 Srcms | 2024-11-21 | N/A |
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | ||||
CVE-2018-14057 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. | ||||
CVE-2018-14029 | 1 Creatiwity | 1 Witycms | 2024-11-21 | N/A |
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. | ||||
CVE-2018-14014 | 1 Super Cms Project | 1 Super Cms | 2024-11-21 | N/A |
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. | ||||