Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-12636 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.8
8.8
2019-10-16 CVE-2019-10456 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0
A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
4.3
2019-10-16 CVE-2019-10454 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rundeck
A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
4.3
2019-10-16 CVE-2019-10441 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Icescrum
A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
4.3
2019-10-16 CVE-2019-10437 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins CRX Content Package Deployer
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
8.8
8.8
2019-10-16 CVE-2016-11015 Cross-Site Request Forgery (CSRF) vulnerability in Netgear Jnr1010 Firmware
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.
network
low complexity
netgear CWE-352
6.5
6.5
2019-10-15 CVE-2019-17600 Cross-Site Request Forgery (CSRF) vulnerability in Intelbras IWR 1000N Firmware 1.6.4
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
network
low complexity
intelbras CWE-352
critical
 9.8
9.8
2019-10-14 CVE-2019-17593 Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 1.5.1
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
network
low complexity
jizhicms CWE-352
8.8
8.8
2019-10-12 CVE-2019-17521 Cross-Site Request Forgery (CSRF) vulnerability in Landing-Cms Project Landing-Cms 0.0.6
An issue was discovered in Landing-CMS 0.0.6.
network
low complexity
landing-cms-project CWE-352
6.5
6.5
2019-10-11 CVE-2018-20582 Cross-Site Request Forgery (CSRF) vulnerability in Gree Gree+ 1.4.0.8
The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery.
network
low complexity
gree CWE-352
8.8
8.8