CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

323 matches found

EUVD•added 2026/05/06 7:57 p.m.•2 views

EUVD-2026-28161

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

7.1CVSS5.7AI score0.00033EPSS

Exploits0References1

Positive Technologies•added 2026/05/06 12:0 a.m.•5 views

PT-2026-38229

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The createBundle function in csettings.cfc fails to properly validate anti-CSRF Cross-Site Reque...

7.1CVSS5.7AI score0.00033EPSS

Exploits0References3

Vulnrichment•added 2026/04/30 12:0 a.m.•1 views

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

5.4AI score0.00021EPSS

Exploits0References2

Cvelist•added 2026/04/30 12:0 a.m.•28 views

CVE-2026-36960

0.00021EPSS

Exploits0References2

EUVD•added 2026/04/30 12:0 a.m.•0 views

EUVD-2026-26377

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An...

8.8CVSS5.5AI score0.0002EPSS

Exploits1References2

Snyk•added 2026/04/14 11:12 p.m.•0 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of JSON endpoints that process state-changing requests without verifying the origin or requiring an anti-CSRF token...

5.4CVSS5.8AI score0.00028EPSS

Exploits1References2

CNNVD•added 2026/03/17 12:0 a.m.•2 views

Edimax GS-5008PL 跨站请求伪造漏洞

The Edimax GS-5008PL is a Gigabit Ethernet switch produced by Edimax of Taiwan, China. Versions of the Edimax GS-5008PL prior to 1.00.54 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of anti-CSRF tokens and request validation, which could allow...

6.5CVSS5.8AI score0.00011EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 12:34 p.m.•4 views

CVE-2023-45374

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams...

5.3CVSS6.9AI score0.00081EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:25 a.m.•7 views

CVE-2021-28055

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user...

6.5CVSS6.9AI score0.00085EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:54 a.m.•2 views

CVE-2022-23680

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...

8.8CVSS7.5AI score0.00141EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:54 a.m.•3 views

CVE-2022-23679

8.8CVSS7.5AI score0.00141EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:33 a.m.•4 views

CVE-2019-16187

Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script...

7.5CVSS6.8AI score0.00276EPSS

Exploits0References1

Vulnrichment•added 2025/12/10 6:23 p.m.•1 views

CVE-2025-34430 1Panel CSRF Panel Name Modification

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

5.1CVSS6.5AI score0.00028EPSS

Exploits0References3

NVD•added 2025/10/29 6:15 p.m.•2 views

CVE-2025-62797

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...

8.6CVSS0.00029EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-1286

Malware in sbrugna...

6.5CVSS6.5AI score0.00085EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-1740

Malware in sbrugna...

8.8CVSS8.8AI score0.00165EPSS

Exploits1References2