Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
1 HIGH19 MEDIUM
CVE-2018-25150
MEDIUM CVSS 5.1
Find Similar
Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicio
NVD RRF 0.016
CVE-2018-25152
MEDIUM CVSS 5.1
Find Similar
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web pa
NVD RRF 0.016
CVE-2018-25151
MEDIUM CVSS 5.1
Find Similar
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft
NVD RRF 0.016
CVE-2019-25247
MEDIUM CVSS 5.1
Find Similar
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craf
NVD RRF 0.016
CVE-2020-37091
MEDIUM CVSS 5.1
Find Similar
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms
NVD RRF 0.015
CVE-2020-37145
MEDIUM CVSS 5.1
Find Similar
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious
NVD RRF 0.015
CVE-2019-25313
MEDIUM CVSS 5.1
Find Similar
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML
NVD RRF 0.015
CVE-2021-47800
MEDIUM CVSS 6.9
Find Similar
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit
NVD RRF 0.015
CVE-2018-25174
MEDIUM CVSS 6.9
Find Similar
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft
NVD RRF 0.014
CVE-2018-25133
MEDIUM CVSS 5.1
Find Similar
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft mal
NVD RRF 0.014
CVE-2018-25190
MEDIUM CVSS 6.9
Find Similar
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malic
rul10
NVD RRF 0.014
CVE-2013-20005
MEDIUM CVSS 6.9
Find Similar
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers ca
NVD RRF 0.014
CVE-2024-28141
MEDIUM CVSS 6.3
Find Similar
The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlle
NVD RRF 0.014
CVE-2018-25168
MEDIUM CVSS 5.3
Find Similar
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attac
NVD RRF 0.014
CVE-2016-20051
MEDIUM CVSS 6.9
Find Similar
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick
snewscms
NVD RRF 0.013
CVE-2019-25238
MEDIUM CVSS 5.1
Find Similar
V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pa
NVD RRF 0.013
CVE-2024-56116
HIGH CVSS 8.8
Find Similar
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.
amiro
NVD RRF 0.013
CVE-2025-63952
MEDIUM CVSS 5.7
Find Similar
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
magewell
NVD RRF 0.013
CVE-2025-14354
MEDIUM CVSS 4.3
Find Similar
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple
NVD RRF 0.013
CVE-2020-36906
MEDIUM CVSS 5.3
Find Similar
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages
NVD RRF 0.013
Page 1+ Next →