Vulnerabilities > Cross-Site Request Forgery (CSRF)

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-03-27 | CVE-2015-8536 | Cross-Site Request Forgery (CSRF) vulnerability in Lenovo Solution Center 3.3.0001 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. | network | low | lenovo | CWE-352 | 8.8 |
| 2020-03-25 | CVE-2020-2160 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. | network | low | jenkins | CWE-352 | 8.8 |
| 2020-03-24 | CVE-2020-7005 | Cross-Site Request Forgery (CSRF) vulnerability in Honeywell Win-Pak 4.7.2 | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. | network | low | honeywell | CWE-352 | 8.8 |
| 2020-03-20 | CVE-2019-19025 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | network | low | linuxfoundation, pivotal | CWE-352 | 8.8 |
| 2020-03-19 | CVE-2020-10671 | Cross-Site Request Forgery (CSRF) vulnerability in Canon OCE Colorwave 500 Firmware 4.0.0.0 | The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. | network | low | canon | CWE-352 | 8.8 |
| 2020-03-18 | CVE-2019-12769 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U Managed File Transfer 15.1.5/15.1.6 | SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | network | low | solarwinds | CWE-352 | 8.8 |
| 2020-03-18 | CVE-2020-4199 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Omnibus 8.1.0 | IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low | ibm | CWE-352 | 4.3 |
| 2020-03-17 | CVE-2018-21037 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion | Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI. | network | low | intelliants | CWE-352 | 8.8 |
| 2020-03-16 | CVE-2020-9346 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Password Manager PRO | Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | network | low | zohocorp | CWE-352 | 8.8 |
| 2020-03-16 | CVE-2020-6585 | Cross-Site Request Forgery (CSRF) vulnerability in Nagios 2.1.3 | Nagios Log Server 2.1.3 has CSRF. | network | low | nagios | CWE-352 | 8.8 |