Export limit exceeded: 344112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21037 | 1 Intelliants | 1 Subrion | 2024-11-21 | 8.8 High |
| Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | ||||
| CVE-2018-21006 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2024-11-21 | N/A |
| The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. | ||||
| CVE-2018-21002 | 1 Joomsky | 1 Js Help Desk | 2024-11-21 | N/A |
| The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. | ||||
| CVE-2018-20974 | 1 Joomsky | 1 Js Job Manager | 2024-11-21 | N/A |
| The js-jobs plugin before 1.0.7 for WordPress has CSRF. | ||||
| CVE-2018-20972 | 1 Codeermeneer | 1 Companion Auto Update | 2024-11-21 | N/A |
| The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. | ||||
| CVE-2018-20971 | 1 Churchadminplugin | 1 Church Admin | 2024-11-21 | N/A |
| The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. | ||||
| CVE-2018-20968 | 1 Smackcoders | 1 Ultimate Exporter | 2024-11-21 | N/A |
| The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | ||||
| CVE-2018-20967 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2024-11-21 | N/A |
| The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | ||||
| CVE-2018-20964 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | N/A |
| The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | ||||
| CVE-2018-20934 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | ||||
| CVE-2018-20872 | 1 I-lan | 1 Draytekl Firmware | 2024-11-21 | N/A |
| DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649. | ||||
| CVE-2018-20848 | 1 Peel | 1 Peel Shopping | 2024-11-21 | N/A |
| Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | ||||
| CVE-2018-20816 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A |
| An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. | ||||
| CVE-2018-20780 | 1 Traq | 1 Traq | 2024-11-21 | N/A |
| Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). | ||||
| CVE-2018-20728 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php. | ||||
| CVE-2018-20669 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2024-11-21 | 7.8 High |
| An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. | ||||
| CVE-2018-20648 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | N/A |
| PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | ||||
| CVE-2018-20644 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | N/A |
| PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | ||||
| CVE-2018-20641 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | N/A |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||||
| CVE-2018-20633 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | N/A |
| PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||||