Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-3963 | Cross-Site Request Forgery (CSRF) vulnerability in Kimai 2 kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 |
| 2021-11-17 | CVE-2021-41273 | Cross-Site Request Forgery (CSRF) vulnerability in Pterodactyl Panel Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. | 4.3 |
| 2021-11-17 | CVE-2021-24853 | Cross-Site Request Forgery (CSRF) vulnerability in QR Redirector Project QR Redirector The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects | 4.3 |
| 2021-11-16 | CVE-2021-25965 | Cross-Site Request Forgery (CSRF) vulnerability in Janeczku Calibre-Web In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). | 8.8 |
| 2021-11-16 | CVE-2021-25976 | Cross-Site Request Forgery (CSRF) vulnerability in Dotnetfoundation Piranha CMS In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. | 8.1 |
| 2021-11-12 | CVE-2020-21141 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.15 iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | 8.8 |
| 2021-11-10 | CVE-2020-28137 | Cross-Site Request Forgery (CSRF) vulnerability in Genexis Platinum 4410 Firmware P4410V21.28 Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router. | 6.5 |
| 2021-11-10 | CVE-2021-40518 | Cross-Site Request Forgery (CSRF) vulnerability in Airangel products Airangel HSMX Gateway devices through 5.2.04 allow CSRF. | 6.5 |
| 2021-11-10 | CVE-2021-41426 | Cross-Site Request Forgery (CSRF) vulnerability in Beeline Smart BOX Firmware 2.0.38 Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. | 8.8 |
| 2021-11-08 | CVE-2021-24674 | Cross-Site Request Forgery (CSRF) vulnerability in Genie WP Favicon Project Genie WP Favicon The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack | 6.5 |