Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
3 HIGH17 MEDIUM
CVE-2025-49967
MEDIUM CVSS 4.3
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder live-sports-streamthunder allows Cross Site Request Forgery.This issue affects Live Sports Streamthunder: from
NVD RRF 0.012
CVE-2020-37046
MEDIUM CVSS 5.1
Find Similar
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attacker
NVD RRF 0.012
CVE-2018-25127
MEDIUM CVSS 5.1
Find Similar
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft mal
NVD RRF 0.012
CVE-2019-25313
MEDIUM CVSS 5.1
Find Similar
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML
NVD RRF 0.012
CVE-2021-47800
MEDIUM CVSS 6.9
Find Similar
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit
NVD RRF 0.012
CVE-2019-25682
MEDIUM CVSS 5.3
Find Similar
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated
victoralagwu
NVD RRF 0.012
CVE-2016-20054
MEDIUM CVSS 5.3
Find Similar
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administr
nodcms
NVD RRF 0.011
CVE-2025-27454
MEDIUM CVSS 4.3
Find Similar
The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser
endress
NVD RRF 0.011
CVE-2025-69238
MEDIUM CVSS 6.9
Find Similar
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST reque
raytha
NVD RRF 0.011
CVE-2021-47723
MEDIUM CVSS 6.9
Find Similar
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can
stvs
NVD RRF 0.011
CVE-2025-24724
MEDIUM CVSS 5.4
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery.This issue affects Side Menu Lite: from n/a through <= 5.3.1.
NVD RRF 0.011
CVE-2024-56116
HIGH CVSS 8.8
Find Similar
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.
amiro
NVD RRF 0.011
CVE-2019-25242
MEDIUM CVSS 5.1
Find Similar
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious w
iwt
NVD RRF 0.011
CVE-2025-1473
HIGH CVSS 7.1
Find Similar
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be u
lfprojects
NVD RRF 0.011
CVE-2025-9885
MEDIUM CVSS 4.3
Find Similar
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce
NVD RRF 0.011
CVE-2019-25233
MEDIUM CVSS 5.1
Find Similar
AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft mali
NVD RRF 0.010
CVE-2018-25397
MEDIUM CVSS 6.9
Find Similar
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated a
NVD RRF 0.010
CVE-2026-36956
HIGH CVSS 8.8
Find Similar
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms
dbitnet
NVD RRF 0.010
CVE-2018-25174
MEDIUM CVSS 6.9
Find Similar
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft
NVD RRF 0.010
CVE-2026-25024
MEDIUM CVSS 5.4
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through <= 3.11.9
NVD RRF 0.010
← Previous Page 2+ Next →