Search Results (9650 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25322 | 2 Publishpress, Wordpress | 2 Publishpress Revisions, Wordpress | 2026-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery. This issue affects PublishPress Revisions: from n/a through <= 3.7.22. | ||||
| CVE-2025-13333 | 1 Ibm | 1 Websphere Application Server | 2026-02-20 | 4.4 Medium |
| IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | ||||
| CVE-2020-37158 | 2 Avideo, Wwbn | 2 Avideo Platform, Avideo | 2026-02-20 | 5.3 Medium |
| AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication. | ||||
| CVE-2025-49715 | 1 Microsoft | 2 Dynamics 365, Dynamics 365 Fasttrack Implementation | 2026-02-20 | 7.5 High |
| Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-47967 | 2 Google, Microsoft | 3 Android, Edge, Edge Chromium | 2026-02-20 | 4.7 Medium |
| Insufficient UI warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-25319 | 2 Wordpress, Wpzita | 2 Wordpress, Zita Elementor Site Library | 2026-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery. This issue affects Zita Elementor Site Library: from n/a through <= 1.6.6. | ||||
| CVE-2026-25337 | 2 Wordpress, Wpcoachify | 2 Wordpress, Coachify | 2026-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery. This issue affects Coachify: from n/a through <= 1.1.5. | ||||
| CVE-2026-25411 | 2 Themastercut, Wordpress | 2 Revision Manager Tmc, Wordpress | 2026-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery. This issue affects Revision Manager TMC: from n/a through <= 2.8.22. | ||||
| CVE-2026-27050 | 2 Thimpress, Wordpress | 2 Realpress, Wordpress | 2026-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery. This issue affects RealPress: from n/a through <= 1.1.0. | ||||
| CVE-2026-27090 | 2 Wordpress, Wp Moose | 2 Wordpress, Kenta Companion | 2026-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery. This issue affects Kenta Companion: from n/a through <= 1.3.3. | ||||
| CVE-2026-1455 | 2 Whatsiplus, Wordpress | 2 Whatsiplus Scheduled Notification For Woocommerce, Wordpress | 2026-02-19 | 4.3 Medium |
| The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfw_save_users_settings' AJAX action. This makes it possible for unauthenticated attackers to modify plugin configuration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13982 | 2 Drupal, Innoraft | 2 Login Time Restriction, Login Time Restriction | 2026-02-19 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery. This issue affects Login Time Restriction: from 0.0.0 before 1.0.3. | ||||
| CVE-2019-25359 | 1 Sitzungsdienst | 1 Sd.net Rim | 2026-02-19 | 8.2 High |
| SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enabling unauthorized database manipulation and potential information disclosure. | ||||
| CVE-2023-41970 | 1 Zscaler | 1 Client Connector | 2026-02-19 | 6 Medium |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code. This issue affects Client Connector on Windows: before 4.1.0.62. | ||||
| CVE-2018-17366 | 1 Mingsoft | 1 Mcms | 2026-02-19 | N/A |
| An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | ||||
| CVE-2025-12172 | 2 Mailchimp, Wordpress | 2 Mailchimp List Subscribe Form, Wordpress | 2026-02-19 | 4.3 Medium |
| The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the mailchimp_sf_change_list_if_necessary() function. This makes it possible for unauthenticated attackers to change Mailchimp lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12821 | 2 Spicethemes, Wordpress | 2 Newsblogger, Wordpress | 2026-02-19 | 8.8 High |
| The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305. | ||||
| CVE-2025-13413 | 2 Soyrodriguez, Wordpress | 2 Country Blocker For Adsense, Wordpress | 2026-02-19 | 4.3 Medium |
| The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFA_guardar_cbfa() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-13438 | 2 Dienodigital, Wordpress | 2 Page Title, Description & Open Graph Updater, Wordpress | 2026-02-19 | 4.3 Medium |
| The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno_update_page_title. This makes it possible for unauthenticated attackers to update page titles and metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-10450 | 1 Rti | 1 Connext Professional | 2026-02-19 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic. This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.2.0 before 7.3.1. | ||||