Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
1 CRITICAL18 MEDIUM1 LOW
CVE-2016-20028
MEDIUM CVSS 5.3
Find Similar
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attac
NVD RRF 0.016
CVE-2016-20027
MEDIUM CVSS 5.1
Find Similar
ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanit
NVD RRF 0.016
CVE-2020-37241
MEDIUM CVSS 6.9
Find Similar
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can
NVD RRF 0.016
CVE-2019-25247
MEDIUM CVSS 5.1
Find Similar
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craf
NVD RRF 0.016
CVE-2016-20054
MEDIUM CVSS 5.3
Find Similar
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administr
nodcms
NVD RRF 0.015
CVE-2018-25133
MEDIUM CVSS 5.1
Find Similar
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft mal
NVD RRF 0.015
CVE-2016-20032
MEDIUM CVSS 5.1
Find Similar
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the '
NVD RRF 0.015
CVE-2019-25250
MEDIUM CVSS 5.1
Find Similar
Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft
NVD RRF 0.015
CVE-2018-25151
MEDIUM CVSS 5.1
Find Similar
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft
NVD RRF 0.014
CVE-2021-47800
MEDIUM CVSS 6.9
Find Similar
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit
NVD RRF 0.014
CVE-2020-37046
MEDIUM CVSS 5.1
Find Similar
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attacker
NVD RRF 0.014
CVE-2013-20005
MEDIUM CVSS 6.9
Find Similar
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers ca
NVD RRF 0.014
CVE-2020-37091
MEDIUM CVSS 5.1
Find Similar
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms
NVD RRF 0.014
CVE-2016-20026
CRITICAL CVSS 9.3
Find Similar
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hard
NVD RRF 0.014
CVE-2025-32276
MEDIUM CVSS 4.3
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery.This issue affects Administrator Z: from n/a through <= 2026.03.02.
NVD RRF 0.013
CVE-2020-37145
MEDIUM CVSS 5.1
Find Similar
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious
NVD RRF 0.013
CVE-2025-10764
LOW CVSS 2.1
Find Similar
A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action Syst
zkea
NVD RRF 0.013
CVE-2025-53347
MEDIUM CVSS 4.3
Find Similar
Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3.
NVD RRF 0.013
CVE-2024-45983
MEDIUM CVSS 6.3
Find Similar
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a re
kishan0725
NVD RRF 0.013
CVE-2024-43006
MEDIUM CVSS 5.4
Find Similar
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /us
zzcms
NVD RRF 0.013
Page 1+ Next →