Export limit exceeded: 10316 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10316 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27195 | 2026-04-23 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through <= 1.3.5. | ||||
| CVE-2024-25932 | 1 Youngtechleads | 1 Change Table Prefix | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix change-table-prefix allows Cross Site Request Forgery.This issue affects Change Table Prefix: from n/a through <= 2.0. | ||||
| CVE-2026-4121 | 2 Ksolves, Wordpress | 2 Kcaptcha, Wordpress | 2026-04-23 | 4.3 Medium |
| The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler (admin/setting.php). The settings form does not include a wp_nonce_field() and the form processing code does not call wp_verify_nonce() or check_admin_referer() before saving settings to the database via $wpdb->update(). This makes it possible for unauthenticated attackers to modify the plugin's CAPTCHA settings (enabling or disabling CAPTCHA on login, registration, lost password, and comment forms) via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. | ||||
| CVE-2026-4133 | 2 Textp2p, Wordpress | 2 Textp2p Texting Widget, Wordpress | 2026-04-23 | 4.3 Medium |
| The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage() function which processes settings updates. The form at line 314 does not include a wp_nonce_field(), and the POST handler at line 7 does not call check_admin_referer() or wp_verify_nonce() before processing settings changes. This makes it possible for unauthenticated attackers to update all plugin settings including chat widget titles, messages, API credentials, colors, and reCAPTCHA configuration via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. | ||||
| CVE-2007-4893 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | ||||
| CVE-2007-6490 | 1 Falcon | 1 Series One Cms | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | ||||
| CVE-2008-1719 | 1 Truzone | 1 Nuke Et | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET 3.2 and 3.4 allow remote attackers to perform actions as administrators, as demonstrated by inserting an XSS sequence into a document. | ||||
| CVE-2009-0112 | 1 Expinion | 1 Poll Pro | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. | ||||
| CVE-2008-5568 | 1 Ipn-mate | 1 Ipn Pro 3 | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters. | ||||
| CVE-2007-6420 | 2 Apache, Canonical | 2 Http Server, Ubuntu Linux | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. | ||||
| CVE-2009-0055 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors. | ||||
| CVE-2007-5213 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. | ||||
| CVE-2008-1977 | 2 Internationalization Project, Localizer Project | 2 Internationalization, Localizer | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. | ||||
| CVE-2007-5917 | 1 Skalinks | 1 Skalinks | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. | ||||
| CVE-2008-0471 | 1 Phpbb | 1 Phpbb | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. | ||||
| CVE-2008-6532 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | ||||
| CVE-2008-4128 | 1 Cisco | 2 871 Integrated Services Router, Ios | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3197 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set. | ||||
| CVE-2008-5565 | 1 Dinkumsoft | 1 Dl Paycart | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | ||||
| CVE-2009-3520 | 1 Cmsphp Project | 1 Cmsphp | 2026-04-23 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action. | ||||