ReportizFlow
Filtered by vendor
Subscriptions
Total
9323 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3709 | 1 Keycloak | 1 Keycloak | 2025-04-20 | N/A |
| The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. | ||||
| CVE-2017-6068 | 1 Intelliants | 1 Subrion Cms | 2025-04-20 | N/A |
| Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. | ||||
| CVE-2017-12853 | 1 Rtsindia | 2 Rwr-3g-100, Rwr-3g-100 Firmware | 2025-04-20 | N/A |
| The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | ||||
| CVE-2016-9975 | 1 Ibm | 2 Dashboard Application Services Hub, Jazz For Service Management | 2025-04-20 | N/A |
| IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714. | ||||
| CVE-2017-9490 | 3 Arris, Cisco, Commscope | 4 Tg1682g Firmware, Dpc3939b, Dpc3939b Firmware and 1 more | 2025-04-20 | N/A |
| The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | ||||
| CVE-2017-5473 | 1 Ntop | 1 Ntopng | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. | ||||
| CVE-2017-2244 | 1 Brother | 2 Mfc-j960dwn, Mfc-j960dwn Firmware | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2015-5170 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2025-04-20 | 8.8 High |
| Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. | ||||
| CVE-2015-5182 | 1 Redhat | 1 Amq | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | ||||
| CVE-2017-11679 | 1 Hashtopus Project | 1 Hashtopus | 2025-04-20 | N/A |
| Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. | ||||
| CVE-2017-7491 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | ||||
| CVE-2017-15516 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | N/A |
| NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. | ||||
| CVE-2015-5395 | 2 Alinto, Debian | 2 Sogo, Debian Linux | 2025-04-20 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | ||||
| CVE-2015-5607 | 2 Fedoraproject, Ipython | 2 Fedora, Ipython | 2025-04-20 | N/A |
| Cross-site request forgery in the REST API in IPython 2 and 3. | ||||
| CVE-2017-11648 | 1 Techroutes | 2 Tr 1803-3g, Tr 1803-3g Firmware | 2025-04-20 | N/A |
| Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering. | ||||
| CVE-2017-12838 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. | ||||
| CVE-2017-14956 | 1 Alienvault | 1 Unified Security Management | 2025-04-20 | N/A |
| AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks. | ||||
| CVE-2016-6033 | 1 Ibm | 2 Tivoli Storage Flashcopy Manager For Vmware, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware | 2025-04-20 | N/A |
| IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545. | ||||
| CVE-2017-11567 | 1 Cesanta | 1 Mongoose Embedded Web Server Library | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. | ||||
| CVE-2016-5401 | 1 Redhat | 2 Jboss Bpm Suite, Jboss Enterprise Brms Platform | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. | ||||