Total: 8513 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20126 | 1 Draytek | 1 Vigorconnect | 2024-11-21 | 8.8 High |
| Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | ||||
| CVE-2021-20120 | 1 Commscope | 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware | 2024-11-21 | 8.8 High |
| The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user. | ||||
| CVE-2021-20102 | 1 Machform | 1 Machform | 2024-11-21 | 8.8 High |
| Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place. | ||||
| CVE-2021-20096 | 1 Lucyparsonslabs | 1 Openoversight | 2024-11-21 | 8.1 High |
| Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2021-20073 | 1 Racom | 2 M!dge, M!dge Firmware | 2024-11-21 | 8.8 High |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. | ||||
| CVE-2021-1227 | 1 Cisco | 46 Mds 9148s, Mds 9250i, Mds 9706 and 43 more | 2024-11-21 | 8.1 High |
| A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default. | ||||
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 8.8 High |
| A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | ||||
| CVE-2020-9394 | 1 Supsystic | 1 Pricing Table By Supsystic | 2024-11-21 | 8.8 High |
| An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. | ||||
| CVE-2020-9388 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 6.5 Medium |
| CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard. | ||||
| CVE-2020-9346 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | ||||
| CVE-2020-9341 | 1 Auieo | 1 Candidats | 2024-11-21 | 8.8 High |
| CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. | ||||
| CVE-2020-9271 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.5 Medium |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. | ||||
| CVE-2020-9270 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 8.8 High |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. | ||||
| CVE-2020-9267 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 6.5 Medium |
| SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. | ||||
| CVE-2020-9266 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 6.5 Medium |
| SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php. | ||||
| CVE-2020-9042 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 8.8 High |
| In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. | ||||
| CVE-2020-9018 | 1 Litecart | 1 Litecart | 2024-11-21 | 5.3 Medium |
| LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. | ||||
| CVE-2020-8985 | 1 Zend | 1 Zendto | 2024-11-21 | 8.8 High |
| ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | ||||
| CVE-2020-8830 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 8.8 High |
| CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | ||||
| CVE-2020-8829 | 1 Intelbras | 2 Cip 92200, Cip 92200 Firmware | 2024-11-21 | 8.8 High |
| CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. | ||||