CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-Site Request Forgery CSRF vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin = 2.46.0 versions...

8.8CVSS8.5AI score0.00306EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:33 p.m.•4 views

CVE-2023-31452

A cross-site request forgery CSRF token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could...

8.8CVSS7AI score0.00506EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:33 p.m.•10 views

CVE-2023-31708

A Cross-Site Request Forgery CSRF in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function...

4.3CVSS7.7AI score0.00265EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:33 p.m.•11 views

CVE-2023-31087

Cross-Site Request Forgery CSRF vulnerability in JoomSky JS Job Manager plugin = 2.0.0 versions...

8.8CVSS8.5AI score0.00315EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:31 p.m.•16 views

CVE-2023-40969

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery SSRF via admin/modules/bibliography/popp2p.php...

6.1CVSS6.9AI score0.00341EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:30 p.m.•14 views

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

9.8CVSS6.8AI score0.01931EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:29 p.m.•8 views

CVE-2023-40868

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions...

8.8CVSS7.9AI score0.01151EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:28 p.m.•7 views

CVE-2023-40953

icms 7.0.16 is vulnerable to Cross Site Request Forgery CSRF...

8.8CVSS6.9AI score0.00236EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:28 p.m.•5 views

CVE-2023-40630

Unauthenticated LFI/SSRF in JCDashboards component for Joomla...

9.8CVSS7AI score0.00706EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:28 p.m.•11 views

CVE-2023-40351

A cross-site request forgery CSRF vulnerability in Jenkins Favorite View Plugin 5.v77a37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar...

4.3CVSS6.7AI score0.00276EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:24 p.m.•7 views

CVE-2018-14711

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs...

6.5CVSS6.8AI score0.00565EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:23 p.m.•8 views

CVE-2018-14575

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting XSS via a thread subject and a cross-site request forgery CSRF via a post subject...

8.8CVSS6.3AI score0.02377EPSS

Exploits5References1

RedhatCVE•added 2026/01/09 12:16 p.m.•9 views

CVE-2018-1000188

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

5.5CVSS6.6AI score0.00608EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:16 p.m.•8 views

CVE-2018-1000009

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...

8.8CVSS6.7AI score0.00965EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:16 p.m.•11 views

CVE-2018-1000153

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...

8.8CVSS6.7AI score0.00688EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:16 p.m.•9 views

CVE-2018-1000827

Ubilling version = 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution...

9.8CVSS7.7AI score0.03604EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:15 p.m.•5 views

CVE-2018-1000639

LatexDraw version =4.0 contains a XML External Entity XXE vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file...

9.6CVSS6.7AI score0.01554EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by