Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
1 CRITICAL19 MEDIUM
CVE-2018-25397
MEDIUM CVSS 6.9
Find Similar
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated a
NVD RRF 0.016
CVE-2018-25200
MEDIUM CVSS 6.9
Find Similar
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can sub
tomalofficial
NVD RRF 0.016
CVE-2020-37145
MEDIUM CVSS 5.1
Find Similar
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious
NVD RRF 0.016
CVE-2018-25190
MEDIUM CVSS 6.9
Find Similar
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malic
rul10
NVD RRF 0.016
CVE-2020-37091
MEDIUM CVSS 5.1
Find Similar
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms
NVD RRF 0.015
CVE-2018-25168
MEDIUM CVSS 5.3
Find Similar
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attac
NVD RRF 0.015
CVE-2020-37046
MEDIUM CVSS 5.1
Find Similar
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attacker
NVD RRF 0.015
CVE-2018-25343
MEDIUM CVSS 5.3
Find Similar
Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HT
NVD RRF 0.015
CVE-2019-25682
MEDIUM CVSS 5.3
Find Similar
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated
victoralagwu
NVD RRF 0.014
CVE-2019-25247
MEDIUM CVSS 5.1
Find Similar
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craf
NVD RRF 0.014
CVE-2013-20005
MEDIUM CVSS 6.9
Find Similar
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers ca
NVD RRF 0.014
CVE-2018-25133
MEDIUM CVSS 5.1
Find Similar
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft mal
NVD RRF 0.014
CVE-2021-47800
MEDIUM CVSS 6.9
Find Similar
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit
NVD RRF 0.014
CVE-2016-20053
MEDIUM CVSS 6.9
Find Similar
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting m
redaxo
NVD RRF 0.014
CVE-2020-37144
MEDIUM CVSS 5.1
Find Similar
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submit
NVD RRF 0.013
CVE-2025-14354
MEDIUM CVSS 4.3
Find Similar
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple
NVD RRF 0.013
CVE-2018-25337
MEDIUM CVSS 5.3
Find Similar
Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML for
NVD RRF 0.013
CVE-2023-53914
CRITICAL CVSS 9.3
Find Similar
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted PO
ulicms
NVD RRF 0.013
CVE-2024-13510
MEDIUM CVSS 6.1
Find Similar
The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This mak
NVD RRF 0.013
CVE-2018-25174
MEDIUM CVSS 6.9
Find Similar
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft
NVD RRF 0.013
Page 1+ Next →