Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9235 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10914 1 Add From Server Project 1 Add From Server 2024-11-21 N/A
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
CVE-2016-10903 1 Godaddy 1 Godaddy Email Marketing 2024-11-21 N/A
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
CVE-2016-10902 1 Gowebsolutions 1 Wp Customer Reviews 2024-11-21 N/A
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
CVE-2016-10885 1 Benjaminrojas 1 Wp Editor 2024-11-21 N/A
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
CVE-2016-10884 1 Simple-membership-plugin 1 Simple Membership 2024-11-21 8.8 High
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
CVE-2016-10883 1 Mijnpress 1 Simple Add Pages Or Posts 2024-11-21 N/A
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.
CVE-2016-10882 1 Google Doc Embedder Project 1 Google Doc Embedder 2024-11-21 N/A
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
CVE-2016-10876 1 Wpseeds 1 Wp Database Backup 2024-11-21 N/A
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
CVE-2016-10874 1 Wpseeds 1 Wp Database Backup 2024-11-21 8.8 High
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
CVE-2016-10865 1 23systems 1 Lightbox Plus Colorbox 2024-11-21 N/A
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
CVE-2016-10863 1 Edimax 4 7237rpd, 7237rpd Firmware, Ew-7438rpn Mini and 1 more 2024-11-21 N/A
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
CVE-2016-10862 1 Neetcables 2 Airstream Nas, Airstream Nas Firmware 2024-11-21 N/A
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.
CVE-2016-10861 1 Neetcables 2 Airstream, Airstream Nas Firmware 2024-11-21 N/A
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
CVE-2016-10834 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
CVE-2016-10825 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
CVE-2016-10766 1 Edx 1 Edx-platform 2024-11-21 8.8 High
edx-platform before 2016-06-06 allows CSRF.
CVE-2016-10757 1 Readaxo 1 Readaxo 2024-11-21 N/A
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.
CVE-2016-10756 1 Kliqqi 1 Kliqqi Cms 2024-11-21 N/A
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself.
CVE-2016-10738 1 Castlamp 1 Zenbership 2024-11-21 N/A
Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
CVE-2016-10529 1 Droppy Project 1 Droppy 2024-11-21 N/A
Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.