CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

774 matches found

CNNVD•added 2026/05/07 12:0 a.m.•2 views

WordPress plugin BEAR 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00016EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:31 p.m.•10 views

CVE-2023-4827

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...

8.8CVSS6.7AI score0.06277EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 11:58 a.m.•5 views

CVE-2018-19511

wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password...

6.5CVSS7AI score0.00166EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 11:52 a.m.•6 views

CVE-2009-4787

Multiple cross-site request forgery CSRF vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact...

6.8CVSS7.9AI score0.00126EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:12 a.m.•6 views

CVE-2016-10313

Jensen of Scandinavia AS Air:Link 3G AL3G version 2.23m Rev. 3, Air:Link 5000AC AL5000AC version 1.13, and Air:Link 59300 AL59300 version 1.04 Rev. 4 devices allow remote attackers to conduct CSRF attacks via certain /goform/ pages...

8.8CVSS7.3AI score0.00204EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:28 a.m.•3 views

CVE-2023-49076

Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5...

6.5CVSS6.8AI score0.00006EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:4 a.m.•5 views

CVE-2024-41795

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices is vulnerable to Cross-Site Request Forgery CSRF attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device...

6.9CVSS6.8AI score0.00342EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:19 a.m.•3 views

CVE-2024-2376

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.8AI score0.00435EPSS

Exploits2References1