Total
9090 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0864 | 1 Ibm | 1 Algo Credit Limits | 2026-06-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document. | |||||
| CVE-2014-0835 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings. | |||||
| CVE-2014-0831 | 1 Ibm | 1 Financial Transaction Manager | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data. | |||||
| CVE-2014-0813 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. | |||||
| CVE-2014-0745 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. | |||||
| CVE-2014-0740 | 1 Cisco | 1 Unified Communications Manager | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. | |||||
| CVE-2014-0736 | 1 Cisco | 1 Unified Communications Manager | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | |||||
| CVE-2014-0641 | 1 Emc | 1 Rsa Archer Egrc | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-0621 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2026-06-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. | |||||
| CVE-2014-0594 | 1 Opensuse | 1 Open Build Service | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | |||||
| CVE-2014-0570 | 1 Adobe | 1 Coldfusion | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-0336 | 1 Serena | 1 Dimensions Cm | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI. | |||||
| CVE-2014-0213 | 1 Moodle | 1 Moodle | 2026-06-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests. | |||||
| CVE-2014-0197 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| CFME: CSRF protection vulnerability via permissive check of the referrer header | |||||
| CVE-2014-0168 | 1 Jolokia | 1 Jolokia | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. | |||||
| CVE-2014-0151 | 1 Redhat | 1 Ovirt-engine | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. | |||||
| CVE-2014-0126 | 1 Moodle | 1 Moodle | 2026-06-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file. | |||||
| CVE-2014-0120 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | |||||
| CVE-2014-0054 | 2 Springsource, Vmware | 2 Spring Framework, Spring Framework | 2026-06-17 | 6.8 MEDIUM | N/A |
| The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. | |||||
| CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| katello-headpin is vulnerable to CSRF in REST API | |||||