CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

483 matches found

Tenable Nessus•added 2026/01/19 12:0 a.m.•2 views

MiracleLinux 3 : drupal-6.4-3AXS3 (AXBA:2008-316:03)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXBA:2008-316:03 advisory. - Multiple cross-site request forgery CSRF vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions vi...

7.5CVSS5.6AI score0.013EPSS

Exploits0References8

Tenable Nessus•added 2026/01/14 12:0 a.m.•2 views

MiracleLinux 3 : drupal-6.4-1AXS3 (AXSA:2008-285:02)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2008-285:02 advisory. Drupal is a free CMS Content Management System software package that allows an individual or a community of users to easily publish, manage and...

7.5CVSS5.6AI score0.013EPSS

Exploits0References8

RedhatCVE•added 2026/01/09 12:31 p.m.•8 views

CVE-2023-4150

The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks...

4.3CVSS6.8AI score0.00083EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 11:53 a.m.•3 views

CVE-2009-4905

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change 1 passwords, 2 usernames, and 3 e-mail addresses...

6.8CVSS7.7AI score0.00207EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:51 a.m.•2 views

CVE-2009-4981

Multiple cross-site request forgery CSRF vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators...

6.8CVSS7.6AI score0.00116EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:12 a.m.•8 views

CVE-2016-10884

The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues...

8.8CVSS7.1AI score0.003EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:45 a.m.•3 views

CVE-2022-0780

The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siqajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss paramet...

6.1CVSS6.4AI score0.01135EPSS

Exploits2References1

RedhatCVE•added 2026/01/09 8:37 a.m.•7 views

CVE-2019-20691

Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88...

8.8CVSS6.9AI score0.0021EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:34 a.m.•3 views

CVE-2019-7654

Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server-Users component. This issue w...

6.5CVSS7AI score0.00574EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:30 a.m.•5 views

CVE-2019-16531

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php...

8.8CVSS6.9AI score0.0021EPSS

Exploits5References1