Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact
Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has
SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an at
Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing
Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrf_token' w
Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and
Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, a
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are o
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are o
A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a re
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and t
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause th
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credenti
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by lur
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauth
A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the built-in web app that pr
Page 1+ Next →