Total
8545 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0933 | 1 Ibm | 1 Infosphere Information Server Metadata Workbench | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2014-0929 | 1 Ibm | 1 Connections | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions. | ||||
| CVE-2014-0885 | 1 Ibm | 1 Lotus Protector For Mail Security | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-0864 | 1 Ibm | 1 Algo Credit Limits | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document. | ||||
| CVE-2014-0745 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. | ||||
| CVE-2014-0740 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. | ||||
| CVE-2014-0641 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2014-0570 | 1 Adobe | 1 Coldfusion | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2014-0473 | 3 Canonical, Djangoproject, Redhat | 3 Ubuntu Linux, Django, Openstack | 2025-04-12 | N/A |
| The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. | ||||
| CVE-2014-0213 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests. | ||||
| CVE-2014-0168 | 2 Jolokia, Redhat | 3 Jolokia, Jboss Amq, Jboss Fuse | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. | ||||
| CVE-2014-0126 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file. | ||||
| CVE-2014-0151 | 1 Redhat | 2 Ovirt-engine, Rhev Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. | ||||
| CVE-2013-2708 | 1 Snilesh | 1 Content Slide | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | ||||
| CVE-2013-3729 | 1 Kasseler-cms | 1 Kasseler-cms | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727. | ||||
| CVE-2013-7352 | 1 B2evolution | 1 B2evolution | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945. | ||||
| CVE-2013-2706 | 2 Rodrigo Polo, Wordpress | 2 Stream Video Player, Wordpress | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | ||||
| CVE-2013-7259 | 1 Neo4j | 1 Neo4j | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/. | ||||
| CVE-2015-6660 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks." | ||||
| CVE-2013-7407 | 1 Drupal | 1 Mrbs Module | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||