Search Results (9684 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26641 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. | ||||
| CVE-2020-26522 | 1 Garfield Petshop Project | 1 Garfield Petshop | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | ||||
| CVE-2020-26516 | 1 Intland | 1 Codebeamer | 2024-11-21 | 8.8 High |
| A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests. | ||||
| CVE-2020-26141 | 4 Alfa, Cisco, Redhat and 1 more | 191 Awus036h, Awus036h Firmware, Ip Conference Phone 8832 and 188 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. | ||||
| CVE-2020-26033 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check. | ||||
| CVE-2020-25986 | 1 Monocms | 1 Monocms | 2024-11-21 | 6.5 Medium |
| A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user. | ||||
| CVE-2020-25950 | 1 Totalonlinesolutions | 1 Advanced Webhost Billing System | 2024-11-21 | 4.3 Medium |
| Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page. | ||||
| CVE-2020-25862 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Leap and 2 more | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | ||||
| CVE-2020-25758 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | ||||
| CVE-2020-25622 | 1 Solarwinds | 1 N-central | 2024-11-21 | 8.8 High |
| An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF. | ||||
| CVE-2020-25602 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 6.0 Medium |
| An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability. | ||||
| CVE-2020-25562 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 6.5 Medium |
| In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent. | ||||
| CVE-2020-25472 | 1 Newsscriptphp | 1 News Script Php Pro | 2024-11-21 | 6.5 Medium |
| SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users. | ||||
| CVE-2020-25453 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. | ||||
| CVE-2020-25411 | 1 Online Examination System Project | 1 Online Examination System | 2024-11-21 | 6.5 Medium |
| Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user. | ||||
| CVE-2020-25408 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. | ||||
| CVE-2020-25263 | 1 Pyrocms | 1 Pyrocms | 2024-11-21 | 7.1 High |
| PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. | ||||
| CVE-2020-25262 | 1 Pyrocms | 1 Pyrocms | 2024-11-21 | 4.3 Medium |
| PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted. | ||||
| CVE-2020-25252 | 1 Hyland | 1 Onbase | 2024-11-21 | 8.8 High |
| An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). | ||||
| CVE-2020-25142 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI. | ||||