23 matches found

CVE
added 2026/01/06 3:52 p.m. | 4 views

CVE-2020-36918

CVE-2020-36918 affects the iDS6 DSSPro Digital Signage System v6.2. It describes a cross-site request forgery (CSRF) where an attacker can induce susceptible admins to perform actions (e.g., add unauthorized users) without proper request validation by crafting malicious pages. The vulnerability s...

CVSS 5.1 | AI score 6.4 | EPSS 0.00031
Exploits: 1 | References: 7
Vulnrichment
added 2026/01/06 3:52 p.m. | 2 views

CVE-2020-36918 iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...

CVSS 5.1 | AI score 6.4 | EPSS 0.00031
Exploits: 1 | References: 7
CVE
added 2025/04/01 9:7 a.m. | 534 views

CVE-2024-56325

Apache Pinot

CVSS 9.8 | AI score 9.7 | EPSS 0.17409
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2024/02/20 7:15 a.m. | 13 views

CVE-2024-25149

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled,...

CVSS 5.4 | AI score 5.2 | EPSS 0.00259
Exploits: 0 | References: 1
NVD
added 2023/02/03 1:15 a.m. | 21 views

CVE-2022-47132

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users...

CVSS 8.8 | AI score 8.8 | EPSS 0.03208
Exploits: 1 | References: 3
Cvelist
added 2022/08/26 12:50 p.m. | 12 views

CVE-2021-39394

mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information...

AI score 6.8 | EPSS 0.00101
Exploits: 1 | References: 1
CNNVD
added 2022/04/26 12:0 a.m. | 1 views

Red Hat Single Sign-On security vulnerability

Red Hat Single Sign-On is an authentication and access control system from the American company Red Hat. The tool is responsible for authentication and access control functions for the system, supports most authentication protocols (OAuth, OpenID Connect, etc.), and can be easily integrated...

CVSS 6.5 | AI score 6.5 | EPSS 0.00158
Exploits: 1 | References: 6
Packet Storm
added 2022/02/11 12:0 a.m. | 285 views

Subrion CMS 4.2.1 Cross Site Request Forgery

Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery CSRF Add Amin; Date: 2022-02-09; Exploit Author: Aryan Chehreghani; Vendor Homepage: https://subrion.org; Software Link: https://subrion.org/download; Version: 4.2.1; Tested on: Windows 10; About - Subrion CMS : Subrion is a PHP/MySQL based C...

AI score 0.4
Exploits: 0
Cvelist
added 2020/08/24 2:40 p.m. | 11 views

CVE-2020-19889

DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for index.php?dbhcmspid=-70 can add a user...

AI score 8.8 | EPSS 0.00141
Exploits: 1 | References: 1
Packet Storm
added 2020/06/10 12:0 a.m. | 530 views

Sistem Informasi Pengumuman Kelulusan Online 1.0 CSRF

Exploit Title: Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery Add Admin; Google Dork: N/A; Date: 2020-06-10; Exploit Author: Extinction; Vendor Homepage: https://adikiss.net/; Software Link:...

Exploits: 0
Cvelist
added 2020/02/25 5:13 p.m. | 10 views

CVE-2020-9018

LiteCart through 2.2.1 allows admin/?app=users&doc=edituser CSRF to add a user...

AI score 5.3 | EPSS 0.00161
Exploits: 1 | References: 2
NVD
added 2018/11/26 7:29 a.m. | 7 views

CVE-2018-19545

JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...

CVSS 8.8 | AI score 8.7 | EPSS 0.00145
Exploits: 1 | References: 1
Cvelist
added 2018/11/26 7:0 a.m. | 9 views

CVE-2018-19545

JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user...

AI score 8.7 | EPSS 0.00145
Exploits: 1 | References: 1
Prion
added 2018/11/17 3:29 p.m. | 12 views

Cross site request forgery (csrf)

An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...

CVSS 6.8 | AI score 8.6 | EPSS 0.00144
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/11/17 3:29 p.m. | 18 views

CVE-2018-19332

An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...

CVSS 8.8 | AI score 8.7 | EPSS 0.00144
Exploits: 1 | References: 1
CVE
added 2018/11/17 3:0 p.m. | 42 views

CVE-2018-19332

CVE-2018-19332 affects S-CMS v1.5 and is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add endpoint. The CVE entry documents a cross-site request forgery flaw enabling unauthorized user creation, with CVSS data indicating a network-based, user-interaction-...

CVSS 8.8 | AI score 8.6 | EPSS 0.00144
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2018/08/08 3:29 a.m. | 9 views

Cross site request forgery (csrf)

An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user...

CVSS 6.8 | AI score 8.6 | EPSS 0.00134
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2018/08/08 3:29 a.m. | 12 views

CVE-2018-15198

An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user...

CVSS 8.8 | AI score 6.9
Exploits: 0 | References: 1
Cvelist
added 2018/08/08 3:0 a.m. | 11 views

CVE-2018-15198

An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user...

AI score 8.7 | EPSS 0.00134
Exploits: 1 | References: 1
CVE
added 2018/05/22 4:0 p.m. | 42 views

CVE-2018-11371

CVE-2018-11371 affects SkyCaiji 1.2, where a cross-site request forgery (CSRF) enables an attacker to add an Administrator user. The connected documents consistently describe SkyCaiji 1.2 CSRF as the root issue leading to privilege escalation via account creation. No fixes, mitigations, or patch ...

CVSS 8.8 | AI score 8.6 | EPSS 0.00155
Exploits: 1 | References: 1 | Affected Software: 1