Total: 9135 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25150 | | | 2026-06-17 | N/A | 5.3 MEDIUM |
| Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator into loading the page. | |||||
| CVE-2018-25149 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page. | |||||
| CVE-2018-25133 | | | 2026-06-17 | N/A | 4.3 MEDIUM |
| Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administrators into loading a malicious page. | |||||
| CVE-2018-25127 | | | 2026-06-17 | N/A | 5.3 MEDIUM |
| SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site. | |||||
| CVE-2018-25096 | 1 Petrk94 | 1 Ownhealthrecord | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191. | |||||
| CVE-2018-21160 | 1 Netgear | 1 Readynas Os | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. | |||||
| CVE-2018-21120 | 1 Netgear | 22 Wac120, Wac120 Firmware, Wac505 and 19 more | 2026-06-17 | 6.0 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. | |||||
| CVE-2018-21102 | 1 Netgear | 1 Readynas Os Firmware | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. | |||||
| CVE-2018-21096 | 1 Netgear | 22 Wac120, Wac120 Firmware, Wac505 and 19 more | 2026-06-17 | 4.9 MEDIUM | 7.4 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. | |||||
| CVE-2018-21037 | 1 Intelliants | 1 Subrion | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI. | |||||
| CVE-2018-21006 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. | |||||
| CVE-2018-21002 | 1 Joomsky | 1 Js Help Desk | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. | |||||
| CVE-2018-20974 | 1 Joomsky | 1 Js Job Manager | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The js-jobs plugin before 1.0.7 for WordPress has CSRF. | |||||
| CVE-2018-20972 | 1 Codeermeneer | 1 Companion Auto Update | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. | |||||
| CVE-2018-20971 | 1 Churchadminplugin | 1 Church Admin | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. | |||||
| CVE-2018-20968 | 1 Smackcoders | 1 Ultimate Exporter | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | |||||
| CVE-2018-20967 | 1 Smackcoders | 1 Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | |||||
| CVE-2018-20964 | 1 Codepeople | 1 Contact Form Email | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | |||||
| CVE-2018-20872 | 1 I-lan | 1 Draytekl Firmware | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649. | |||||
| CVE-2018-20848 | 1 Peel | 1 Peel Shopping | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | |||||
