Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-05-19 CVE-2021-29624 Cross-Site Request Forgery (CSRF) vulnerability in Fastify Fastify-Csrf
fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks.
network
low complexity
fastify CWE-352
6.5
6.5
2021-05-18 CVE-2020-24740 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.10
An issue was discovered in Pluck 4.7.10-dev2.
network
low complexity
pluck-cms CWE-352
4.3
4.3
2021-05-17 CVE-2020-18195 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
network
low complexity
pluck-cms CWE-352
8.8
8.8
2021-05-17 CVE-2020-18198 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.9
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
network
low complexity
pluck-cms CWE-352
8.8
8.8
2021-05-17 CVE-2021-32402 Cross-Site Request Forgery (CSRF) vulnerability in Intelbras RF 301K Firmware 1.1.2
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
network
low complexity
intelbras CWE-352
8.8
8.8
2021-05-17 CVE-2021-32403 Cross-Site Request Forgery (CSRF) vulnerability in Intelbras RF 301K Firmware 1.1.2
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
network
low complexity
intelbras CWE-352
8.8
8.8
2021-05-15 CVE-2021-32073 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
network
low complexity
dedecms CWE-352
8.8
8.8
2021-05-11 CVE-2020-18964 Cross-Site Request Forgery (CSRF) vulnerability in Forestblog Project Forestblog 20190404
Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.
network
low complexity
forestblog-project CWE-352
8.8
8.8
2021-05-11 CVE-2021-21652 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira
A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
7.1
7.1
2021-05-11 CVE-2021-21655 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins P4
A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.
network
low complexity
jenkins CWE-352
7.1
7.1