Search Results (10095 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14823 | 3 Jss Cryptomanager Project, Linux, Redhat | 10 Jss Cryptomanager, Linux Kernel, Enterprise Linux and 7 more | 2024-11-21 | 7.4 High |
| A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. | ||||
| CVE-2019-14703 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-11-21 | N/A |
| A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | ||||
| CVE-2019-14683 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | 5.7 Medium |
| The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. | ||||
| CVE-2019-14682 | 1 Acf\ | 1 Better Search Project | 2024-11-21 | N/A |
| The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. | ||||
| CVE-2019-14681 | 1 Deny All Firewall Project | 1 Deny All Firewall | 2024-11-21 | N/A |
| The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. | ||||
| CVE-2019-14680 | 1 Mijnpress | 1 Admin-renamer-extended | 2024-11-21 | 5.7 Medium |
| The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. | ||||
| CVE-2019-14679 | 1 Reputeinfosystems | 1 Arprice Lite | 2024-11-21 | N/A |
| core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. | ||||
| CVE-2019-14551 | 1 Daskeyboard | 4 Das Keyboard 4q, Das Keyboard 5q, Das Keyboard X50q and 1 more | 2024-11-21 | N/A |
| Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. | ||||
| CVE-2019-14526 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2024-11-21 | N/A |
| An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token. | ||||
| CVE-2019-14481 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 5.4 Medium |
| AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover. | ||||
| CVE-2019-14346 | 1 Schben | 1 Adive | 2024-11-21 | N/A |
| Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | ||||
| CVE-2019-14328 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | N/A |
| The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. | ||||
| CVE-2019-14327 | 1 Custom Simple Rss Project | 1 Custom Simple Rss | 2024-11-21 | N/A |
| A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings. | ||||
| CVE-2019-14304 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2024-11-21 | 8.8 High |
| Ricoh SP C250DN 1.06 devices allow CSRF. | ||||
| CVE-2019-14240 | 1 Wcms | 1 Wcms | 2024-11-21 | N/A |
| WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI. | ||||
| CVE-2019-14228 | 1 Angry-frog | 1 Xavier | 2024-11-21 | N/A |
| Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation. | ||||
| CVE-2019-14216 | 1 Wp Svg Icons Project | 1 Wp Svg Icons | 2024-11-21 | N/A |
| An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file. | ||||
| CVE-2019-13974 | 1 Layerbb | 1 Layerbb | 2024-11-21 | N/A |
| LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. | ||||
| CVE-2019-13961 | 1 Flatcore | 1 Flatcore | 2024-11-21 | N/A |
| A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | ||||
| CVE-2019-13949 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2024-11-21 | N/A |
| SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. | ||||