Total
9135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7677 | 1 Netiq | 1 Access Manager | 2026-06-17 | 6.8 MEDIUM | 3.5 LOW |
| A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. | |||||
| CVE-2018-7634 | 1 Enalean | 1 Tuleap | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover. | |||||
| CVE-2018-7590 | 1 Hoosk | 1 Hoosk | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | |||||
| CVE-2018-7565 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on Polycom QDX 6000 devices. | |||||
| CVE-2018-7524 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. | |||||
| CVE-2018-7308 | 1 Hosting Project | 1 Hosting | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account. | |||||
| CVE-2018-7307 | 1 Auth0 | 1 Auth0.js | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. | |||||
| CVE-2018-7305 | 1 Mybb | 1 Mybb | 2026-06-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts. | |||||
| CVE-2018-7219 | 1 5none | 1 Nonecms | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. | |||||
| CVE-2018-7216 | 1 Tejari | 1 Bravo Solution | 2026-06-17 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens. | |||||
| CVE-2018-7176 | 1 Frontaccounting | 1 Frontaccounting | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). | |||||
| CVE-2018-7097 | 1 Hp | 1 3par Service Provider | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. | |||||
| CVE-2018-7060 | 1 Arubanetworks | 1 Clearpass | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface. | |||||
| CVE-2018-6941 | 1 Nat32 | 1 Nat32 | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS. | |||||
| CVE-2018-6940 | 1 Nat32 | 1 Nat32 | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. | |||||
| CVE-2018-6934 | 1 Ordermanagementscript | 1 Online Tutoring Script | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3. | |||||
| CVE-2018-6907 | 1 Rainmachine | 1 Rainmachine Web Application | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | |||||
| CVE-2018-6888 | 1 Typesettercms | 1 Typesetter | 2026-06-17 | 6.0 MEDIUM | 8.0 HIGH |
| An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token. | |||||
| CVE-2018-6874 | 1 Auth0 | 1 Auth0.js | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. | |||||
| CVE-2018-6656 | 1 Zblogcn | 1 Z-blogphp | 2026-06-17 | 5.8 MEDIUM | 6.5 MEDIUM |
| Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | |||||