55972 matches found
CVE-2018-1000846
FreshDNS version 1.0.3 and earlier contains a Cross Site Request Forgery (CSRF) vulnerability in All authenticated API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appears to be exploitable via Victim must open a website...
CVE-2018-1000644
Eclipse RDF4j version 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via Specially...
CVE-2018-1000824
MegaMek version v0.45.1 contains an Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution...
CVE-2018-6391
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings...
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl= request with an http or https URL. This also allows reading local files with a file: URL...
CVE-2018-19948
The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and...
CVE-2009-4517
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content...
CVE-2010-0711
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create...
CVE-2010-0638
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2021-27701
SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF request...
CVE-2021-33396
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php...
CVE-2021-28060
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php...
CVE-2021-28070
Cross Site Request Forgery (CSRF) vulnerability exists in PopojiCMS 2.0.1 in po-admin/route.php?mod=user=multidelete...
CVE-2021-31631
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges...
CVE-2021-31152
Multilaser Router AC1200 V02.03.01.45pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers...
CVE-2021-31760
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature...
CVE-2021-31216
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route which is enabled by default. An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs...
CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF)...
CVE-2021-22954
A cross-site request forgery vulnerability exists in Concrete CMS...
CVE-2021-22723
A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and...