Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-18607 1 Theme-fusion 1 Avada 2024-11-21 8.8 High
The avada theme before 5.1.5 for WordPress has CSRF.
CVE-2017-18569 1 Mythemeshop 1 My Wp Translate 2024-11-21 N/A
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
CVE-2017-18547 1 Neliosoftware 1 Nelio Ab Testing 2024-11-21 N/A
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
CVE-2017-18546 1 Jayj Quicktag Project 1 Jayj Quicktag 2024-11-21 N/A
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
CVE-2017-18544 1 Invite Anyone Project 1 Invite Anyone 2024-11-21 N/A
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
CVE-2017-18523 1 Eelv Newsletter Project 1 Eelv Newsletter 2024-11-21 N/A
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
CVE-2017-18521 1 Wp-kama 1 Democracy Poll 2024-11-21 N/A
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
CVE-2017-18513 1 Expresstech 1 Responsive Menu 2024-11-21 N/A
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
CVE-2017-18512 1 Supsystic 1 Newsletter By Supsystic 2024-11-21 N/A
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
CVE-2017-18511 1 Wpmudev 1 Custom Sidebars 2024-11-21 N/A
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
CVE-2017-18510 1 Wpmudev 1 Custom Sidebars 2024-11-21 N/A
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
CVE-2017-18504 1 Wpdeveloper 1 Twitter Cards Meta 2024-11-21 N/A
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
CVE-2017-18485 1 Elementalpath 2 Cognitoys Dino, Cognitoys Dino Firmware 2024-11-21 N/A
Cognitoys Dino devices allow profiles_add.html CSRF.
CVE-2017-18366 1 Intelliants 1 Subrion Cms 2024-11-21 N/A
Subrion CMS 4.1.5 has CSRF in blog/delete/.
CVE-2017-18107 1 Atlassian 1 Crowd 2024-11-21 6.5 Medium
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.
CVE-2017-18080 1 Atlassian 1 Bamboo 2024-11-21 N/A
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-18042 1 Atlassian 1 Bamboo 2024-11-21 N/A
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
CVE-2017-18033 1 Atlassian 1 Jira 2024-11-21 N/A
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.
CVE-2017-17835 1 Apache 1 Airflow 2024-11-21 N/A
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
CVE-2017-17550 1 Zyxel 2 Zywall Usg 100, Zywall Usg 100 Firmware 2024-11-21 N/A
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.