• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2018-10986

February 26, 2023 by

OX Guard 2.8.0 has CSRF.

CVE-2018-11003

February 26, 2023 by

An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.

CVE-2018-11004

February 26, 2023 by

An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.

CVE-2018-10884

February 26, 2023 by

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.

CVE-2018-10895

February 26, 2023 by

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access ‘qute://*’ URLs. A malicious website could exploit this to load a ‘qute://settings/set’ URL, which then sets ‘editor.command’ to a bash script, resulting in arbitrary code execution.

CVE-2018-10899

February 26, 2023 by

A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 88
  • Go to page 89
  • Go to page 90
  • Go to page 91
  • Go to page 92
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE