20 matches found
CVE-2020-37079
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...
CVE-2022-38359
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL...
CVE-2019-16721
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...
CVE-2025-63711
CVE-2025-63711 is a CSRF vulnerability affecting SourceCodester Client Database Management System 1.0. The issue: the user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST with user_id and lacks request origin checks, anti-CSRF tokens, and proper authentication/authorization. An ...
EUVD-2022-40948
Malicious code in bioql PyPI...
EUVD-2023-49404
Malicious code in bioql PyPI...
CVE-2022-4266
The Bulk Delete Users by Email WordPress plugin through 1.2 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete non admin users by knowing their email via a CSRF attack...
CVE-2020-23342
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users...
CVE-2024-13356 DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion
The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the userremoveform.php file. This makes it possible for unauthenticated attackers to delete admin user...
CVE-2022-38359
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL...
CVE-2022-38359
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL...
CVE-2022-38359
CVE-2022-38359 concerns the Eyes of Network web application, where a lack of anti-CSRF protections enables cross-site request forgery. The issue allows an authenticated attacker to trigger administrative actions by steering a user to a crafted link such as …/module/admin_user/index.php?DataTables...
PT-2022-24387 · Unknown · Eyesofnetwork
Name of the Vulnerable Software and Affected Versions: Eyes of Network, affected versions not specified. Description: The issue allows cross-site request forgery attacks against the Eyes of Network web application due to inadequate protections. An attacker can delete the admin user by directing an...
Employee Performance Evaluation System 1.0 Insecure Direct Object Reference
Exploit Title: Employee Performance Evaluation System 1.0 - Able to delete Admin user from Local account Unauthenticated Insecure Direct Object Reference (IDOR) | Date: 09/12/2020 | Exploit Author: Manish Solanki | Vendor Homepage: https://www.sourcecodester.com | Software Link:...
CVE-2019-16721
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...
CVE-2019-16721
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...
CVE-2019-16721
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user...
CVE-2019-16721
CVE-2019-16721 affects NoneCMS v1.3 and is a cross-site request forgery in the public/index.php/admin/admin/dele.html endpoint, demonstrated by deletion of the admin user. The issue arises from CSRF on the admin delete action, allowing an attacker‑crafted request to trigger admin-user deletion un...
Cross-site request forgery (CSRF)
LayerBB before 1.1.3 allows CSRF for adding a user via admin/newuser.php, deleting a user via admin/members.php/deleteuser/, and deleting content via mod/delete.php/...
CVE-2018-18486
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del userid parameter...