CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1787 matches found

RedhatCVE•added 2026/03/28 11:9 p.m.•5 views

CVE-2026-33875

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...

9.3CVSS5.9AI score0.00265EPSS

Exploits0References1

Positive Technologies•added 2026/03/27 12:0 a.m.•4 views

PT-2026-28546

Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions prior to 4.16.0 Description Gematik Authenticator is used to securely authenticate users for login to digital health applications. Versions prior to 4.16.0 are susceptible to authentication flow hijacking. An...

9.3CVSS5.9AI score0.00265EPSS

Exploits0References7

RedhatCVE•added 2026/01/09 12:51 p.m.•9 views

CVE-2014-4716

Cross-site request forgery CSRF vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity...

6.8CVSS7.6AI score0.02278EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:51 a.m.•3 views

CVE-2009-4981

Multiple cross-site request forgery CSRF vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators...

6.8CVSS7.6AI score0.00524EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:50 a.m.•6 views

CVE-2009-4906

Cross-site request forgery CSRF vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords...

6.8CVSS7.6AI score0.01068EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:48 a.m.•4 views

CVE-2009-4517

Cross-site request forgery CSRF vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content...

6.8CVSS7.6AI score0.00604EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:43 a.m.•5 views

CVE-2010-0638

Cross-site request forgery CSRF vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...

6.8CVSS7.3AI score0.00566EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:53 a.m.•3 views

CVE-2013-6797

Cross-site request forgery CSRF vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bwurl parameter in the bw-videos pag...

6.8CVSS7.6AI score0.02884EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:52 a.m.•3 views

CVE-2013-6018

Cross-site request forgery CSRF vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password...

6.8CVSS7.6AI score0.00619EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:52 a.m.•6 views

CVE-2013-6346

Cross-site request forgery CSRF vulnerability in the ZCC page in Novell ZENworks Configuration Management ZCM before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

6.8CVSS7.4AI score0.00576EPSS

Exploits0References1