Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-04 | CVE-2020-27692 | Cross-Site Request Forgery (CSRF) vulnerability in Imomobile Verve Connect Vh510 Firmware The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. | 8.8 |
| 2020-11-04 | CVE-2020-22273 | Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Neoflex Video Subscription System 2.0 Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings) | 6.5 |
| 2020-11-04 | CVE-2020-2303 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Active Directory A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. | 4.3 |
| 2020-11-02 | CVE-2020-28040 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | 4.3 |
| 2020-10-29 | CVE-2020-11485 | Cross-Site Request Forgery (CSRF) vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution. | 8.8 |
| 2020-10-28 | CVE-2020-16256 | Cross-Site Request Forgery (CSRF) vulnerability in Winstonprivacy Winston Firmware 1.5.4 The API on Winston 1.5.4 devices is vulnerable to CSRF. | 8.8 |
| 2020-10-28 | CVE-2020-27975 | Cross-Site Request Forgery (CSRF) vulnerability in Oscommerce osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. | 8.8 |
| 2020-10-23 | CVE-2020-24847 | Cross-Site Request Forgery (CSRF) vulnerability in Fruitywifi Project Fruitywifi A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. | 4.3 |
| 2020-10-22 | CVE-2020-18129 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.2.7 A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | 8.8 |
| 2020-10-22 | CVE-2020-24033 | Cross-Site Request Forgery (CSRF) vulnerability in FS S3900 24T4S Firmware 1.7.0 An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. | 8.8 |