Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
2 HIGH18 MEDIUM
CVE-2013-20005
MEDIUM CVSS 6.9
Find Similar
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers ca
NVD RRF 0.016
CVE-2019-25682
MEDIUM CVSS 5.3
Find Similar
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated
victoralagwu
NVD RRF 0.016
CVE-2018-25168
MEDIUM CVSS 5.3
Find Similar
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attac
NVD RRF 0.016
CVE-2021-47800
MEDIUM CVSS 6.9
Find Similar
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit
NVD RRF 0.016
CVE-2016-20053
MEDIUM CVSS 6.9
Find Similar
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting m
redaxo
NVD RRF 0.015
CVE-2018-25174
MEDIUM CVSS 6.9
Find Similar
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft
NVD RRF 0.015
CVE-2013-20006
HIGH CVSS 8.7
Find Similar
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users.
NVD RRF 0.015
CVE-2016-20054
MEDIUM CVSS 5.3
Find Similar
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administr
nodcms
NVD RRF 0.015
CVE-2018-25397
MEDIUM CVSS 6.9
Find Similar
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated a
NVD RRF 0.014
CVE-2020-37241
MEDIUM CVSS 6.9
Find Similar
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can
NVD RRF 0.014
CVE-2020-37217
MEDIUM CVSS 5.1
Find Similar
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attacke
NVD RRF 0.014
CVE-2019-25247
MEDIUM CVSS 5.1
Find Similar
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craf
NVD RRF 0.014
CVE-2018-25133
MEDIUM CVSS 5.1
Find Similar
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft mal
NVD RRF 0.014
CVE-2020-37145
MEDIUM CVSS 5.1
Find Similar
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious
NVD RRF 0.014
CVE-2025-14354
MEDIUM CVSS 4.3
Find Similar
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple
NVD RRF 0.013
CVE-2018-25354
MEDIUM CVSS 5.3
Find Similar
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious page
NVD RRF 0.013
CVE-2024-28141
MEDIUM CVSS 6.3
Find Similar
The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlle
NVD RRF 0.013
CVE-2018-25190
MEDIUM CVSS 6.9
Find Similar
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malic
rul10
NVD RRF 0.013
CVE-2024-56116
HIGH CVSS 8.8
Find Similar
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.
amiro
NVD RRF 0.013
CVE-2019-25313
MEDIUM CVSS 5.1
Find Similar
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML
NVD RRF 0.013
Page 1+ Next →