Total
7954 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3850 | 1 Member Approval Plugin Project | 1 Member Approval | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php. | ||||
| CVE-2015-3375 | 1 Niif | 1 Shibboleth Authentication | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors. | ||||
| CVE-2015-4586 | 1 Alcatel-lucent | 2 Cellpipe 7130 Rg 5ae.m2013 Hol, Cellpipe 7130 Rg 5ae.m2013 Hol Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd. | ||||
| CVE-2015-4352 | 1 Web-dorado | 1 Web-dorado Spider Video Player | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors. | ||||
| CVE-2015-4460 | 1 Boxautomation | 1 C2box | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors. | ||||
| CVE-2015-4390 | 1 User Import Project | 1 User Import | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors. | ||||
| CVE-2015-4382 | 1 Invoice Project | 1 Invoice | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors. | ||||
| CVE-2015-4362 | 1 Tracking Code Project | 1 Tracking Code | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors. | ||||
| CVE-2015-4355 | 1 Watchdog Aggregator Project | 1 Watchdog Aggregator | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors. | ||||
| CVE-2014-6299 | 1 Mm Forum Project | 1 Mm Forum | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | ||||
| CVE-2015-6523 | 1 Portfolio Project | 1 Portfolio | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php. | ||||
| CVE-2015-4353 | 1 Osscube | 1 Custom Sitemap | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors. | ||||
| CVE-2015-4350 | 1 Web-dorado | 1 Spider Catalog | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors. | ||||
| CVE-2015-4274 | 1 Cisco | 1 Unified Intelligence Center | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. | ||||
| CVE-2015-4349 | 1 Spider Contacts Project | 1 Spider Contacts | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors. | ||||
| CVE-2015-4267 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. | ||||
| CVE-2013-4240 | 1 Hitmyserver | 1 Hms Testimonials | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php. | ||||
| CVE-2014-0570 | 1 Adobe | 1 Coldfusion | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-4258 | 1 Cisco | 1 Telepresence Mse 8000 Series | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444. | ||||
| CVE-2015-4257 | 1 Cisco | 1 Telepresence Mcu Software | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710. | ||||