Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-12 | CVE-2019-15934 | Cross-Site Request Forgery (CSRF) vulnerability in Intesync Solismed 3.3 Intesync Solismed 3.3sp has CSRF. | 8.8 |
| 2019-12-11 | CVE-2019-0398 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. | 8.8 |
| 2019-12-11 | CVE-2014-0026 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Subscription Asset Manager 1.0.0 katello-headpin is vulnerable to CSRF in REST API | 6.5 |
| 2019-12-10 | CVE-2019-4095 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud PAK System 2.3/2.3.0.1 IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2019-12-09 | CVE-2019-19685 | Cross-Site Request Forgery (CSRF) vulnerability in Nopcommerce 4.20 RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. | 8.8 |
| 2019-12-04 | CVE-2019-16752 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. | 4.3 |
| 2019-12-04 | CVE-2019-18346 | Cross-Site Request Forgery (CSRF) vulnerability in Davical A CSRF issue was discovered in DAViCal through 1.1.8. | 8.8 |
| 2019-12-02 | CVE-2019-19516 | Cross-Site Request Forgery (CSRF) vulnerability in Intelbras WRN 150 Firmware 1.0.18 Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. | 6.5 |
| 2019-11-28 | CVE-2019-19375 | Cross-Site Request Forgery (CSRF) vulnerability in Octopus Deploy In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. | 5.3 |
| 2019-11-26 | CVE-2019-17590 | Cross-Site Request Forgery (CSRF) vulnerability in CSRF Magic Project CSRF Magic 20160327 The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. | 8.8 |