15 matches found
CVE-2018-25363 Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php
Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from...
PT-2026-40618
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add user endpoint with POST requests...
CVE-2019-25682
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...
CVE-2019-25682
CMSsite 1.0 contains a cross-site request forgery (CSRF) vulnerability in users.php that allows authenticated administrators to be tricked into submitting POST requests (e.g., source=add_user, source=edit_user, or del=1) to create, modify, or delete admin accounts. The attack is network-based wit...
CVE-2016-20054
CVE-2016-20054 concerns Nodcms and a cross-site request forgery (CSRF) vulnerability that enables unauthorized administrative actions via crafted forms. The issue allows tricking authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints t...
CVE-2020-37007 Liman 0.7 - Cross-Site Request Forgery (Change Password)
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the API. An attacker can perform unauthorized actions, such as creating and starting arbitrary instances or executing arbitrary commands inside containers, by tricking a victim authenticated with clien...
DEBIAN-CVE-2025-54286
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
CVE-2025-54286 CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
PT-2024-21091 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.1 and below. Description: The issue is a cross-site-request forgery vulnerability that may allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted...
Improper access control
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter1 POST request without being authenticated on the admin interface...
CVE-2019-19222
A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...
CVE-2018-14892
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms...
FortiWeb CSRF Vulnerability
A CSRF vulnerability could allow attackers to change admin password with crafted forms...
Apache APR - Hash Collision Denial of Service
source: https://www.securityfocus.com/bid/51917/info Apache APR is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36669.zip...