Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-5791 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-5791)
vulnerability in csrf (CVE-2026-5791). Data can be tampered with by attackers.
|
| CVE-2026-42091 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-42091)
vulnerability in csrf (CVE-2026-42091). Data can be tampered with by attackers.
|
| CVE-2026-36960 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36960)
vulnerability in csrf (CVE-2026-36960). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36956 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36956)
vulnerability in csrf (CVE-2026-36956). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38934 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-38934 (CVE-2026-38934)
vulnerability in CVE-2026-38934 (CVE-2026-38934). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40948 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-40948)
vulnerability in apache (CVE-2026-40948). Risk of unauthorized operations or information disclosure. Exploitable via ``state``.
|
| CVE-2026-39848 |
|
Vulnerability in csrf (CVE-2026-39848)
vulnerability in csrf (CVE-2026-39848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-4984 |
|
Vulnerability in CVE-2026-4984 (CVE-2026-4984)
vulnerability in CVE-2026-4984 (CVE-2026-4984). Confidential information can be exposed externally.
|
| CVE-2016-20028 |
|
Cross-Site Request Forgery (CSRF) in CVE-2016-20028 (CVE-2016-20028)
vulnerability in CVE-2016-20028 (CVE-2016-20028). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27609 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-27609)
vulnerability in csrf (CVE-2026-27609). Data can be tampered with by attackers. Exploitable via `POST /apps/`.
|
| CVE-2026-23950 |
|
Vulnerability in isaacs (CVE-2026-23950)
vulnerability in isaacs (CVE-2026-23950). Data can be tampered with by attackers. Exploitable via ``PathReservations``.
|
| CVE-2025-1927 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-1927)
vulnerability in csrf (CVE-2025-1927). Data can be tampered with by attackers.
|
| CVE-2025-11022 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-11022)
vulnerability in csrf (CVE-2025-11022). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13296 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-13296)
vulnerability in csrf (CVE-2025-13296). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-56400 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-56400)
vulnerability in csrf (CVE-2025-56400). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56009 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-56009)
vulnerability in csrf (CVE-2025-56009). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60535 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-60535)
vulnerability in csrf (CVE-2025-60535). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60956 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-60956)
vulnerability in csrf (CVE-2025-60956). Successful exploitation can lead to full system takeover.
|
| CVE-2025-0610 |
|
Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request...
Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request...
|
| CVE-2025-50847 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-50847)
vulnerability in csrf (CVE-2025-50847). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-2533 KEV |
|
[KEV] Cross-Site Request Forgery (CSRF) in Papercut ngmf (CVE-2023-2533)
vulnerability in Papercut ngmf (CVE-2023-2533). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-50586 |
|
StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).
StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).
|
| CVE-2024-11142 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-11142)
vulnerability in csrf (CVE-2024-11142). Successful exploitation can lead to full system takeover.
|
| CVE-2025-26570 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-26570)
vulnerability in csrf (CVE-2025-26570). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-26569 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-26569)
vulnerability in csrf (CVE-2025-26569). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-57523 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-57523)
vulnerability in csrf (CVE-2024-57523). Data can be tampered with by attackers.
|
| CVE-2024-48418 |
|
Cross-Site Request Forgery (CSRF) in edimax (CVE-2024-48418)
vulnerability in edimax (CVE-2024-48418). Successful exploitation can lead to full system takeover.
|
| CVE-2024-37774 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-37774)
vulnerability in csrf (CVE-2024-37774). Successful exploitation can lead to full system takeover.
|
| CVE-2014-100005 KEV |
|
[KEV] Cross-Site Request Forgery (CSRF) in D-link dir-600-router (CVE-2014-100005)
vulnerability in D-link dir-600-router (CVE-2014-100005). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6676 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2023-6676)
vulnerability in csrf (CVE-2023-6676). Successful exploitation can lead to full system takeover.
|
| CVE-2023-47326 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2023-47326)
vulnerability in csrf (CVE-2023-47326). Successful exploitation can lead to full system takeover.
|
| CVE-2023-47322 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2023-47322)
vulnerability in csrf (CVE-2023-47322). Successful exploitation can lead to full system takeover.
|
| CVE-2023-45992 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2023-45992)
cross-site scripting in csrf (CVE-2023-45992). Successful exploitation can lead to full system takeover.
|
| CVE-2023-41452 |
|
Cross-Site Request Forgery (CSRF) in phpkobo (CVE-2023-41452)
vulnerability in phpkobo (CVE-2023-41452). Successful exploitation can lead to full system takeover.
|
| CVE-2023-43278 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2023-43278)
vulnerability in csrf (CVE-2023-43278). Successful exploitation can lead to full system takeover.
|
| CVE-2023-39061 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2023-39061)
vulnerability in csrf (CVE-2023-39061). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40488 |
|
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
|
| CVE-2022-43340 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-43340)
vulnerability in csrf (CVE-2022-43340). Successful exploitation can lead to full system takeover.
|
| CVE-2018-14519 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2018-14519)
vulnerability in csrf (CVE-2018-14519). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26173 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-26173)
vulnerability in csrf (CVE-2022-26173). Successful exploitation can lead to full system takeover.
|
| CVE-2020-19964 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2020-19964)
vulnerability in csrf (CVE-2020-19964). Data can be tampered with by attackers.
|
| CVE-2020-20586 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2020-20586)
vulnerability in csrf (CVE-2020-20586). Data can be tampered with by attackers.
|
| CVE-2021-31659 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2021-31659)
vulnerability in csrf (CVE-2021-31659). Successful exploitation can lead to full system takeover.
|
| CVE-2021-26216 |
|
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
|
| CVE-2021-26215 |
|
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
|
| CVE-2020-35273 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2020-35273)
vulnerability in csrf (CVE-2020-35273). Successful exploitation can lead to full system takeover.
|
| CVE-2020-28858 |
|
Cross-Site Request Forgery (CSRF) in openasset (CVE-2020-28858)
vulnerability in openasset (CVE-2020-28858). Successful exploitation can lead to full system takeover.
|
| CVE-2020-23451 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2020-23451)
vulnerability in csrf (CVE-2020-23451). Successful exploitation can lead to full system takeover.
|
| CVE-2020-15711 |
|
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
|
| CVE-2022-30014 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-30014)
vulnerability in csrf (CVE-2022-30014). Successful exploitation can lead to full system takeover.
|