Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-17 | CVE-2019-10353 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins: CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. | 7.5 |
2019-07-16 | CVE-2019-13611 | Cross-Site Request Forgery (CSRF) vulnerability in Python-Engineio Project Python-Engineio: An issue was discovered in python-engineio through 3.8.2. | 8.8 |
2019-07-14 | CVE-2019-13594 | Cross-Site Request Forgery (CSRF) vulnerability in Mirumee Saleor 2.7.0: In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. | 8.8 |
2019-07-11 | CVE-2019-13563 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-655 Firmware 3.02B05: D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. | 8.8 |
2019-07-11 | CVE-2019-12363 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb-2Fa Project Mybb-2Fa 20141105: A CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. | 8.8 |
2019-07-11 | CVE-2019-10340 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Docker: A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2019-07-10 | CVE-2019-12466 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Wikimedia MediaWiki through 1.32.1 allows CSRF. | 8.8 |
2019-07-10 | CVE-2019-13071 | Cross-Site Request Forgery (CSRF) vulnerability in Cyberpowersystems Powerpanel 3.4.0: CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. | 8.8 |
2019-07-10 | CVE-2018-12628 | Cross-Site Request Forgery (CSRF) vulnerability in Eventum Project Eventum: An issue was discovered in Eventum 3.5.0. | 8.8 |
2019-07-08 | CVE-2019-12923 | Cross-Site Request Forgery (CSRF) vulnerability in Mailenable: In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. | 6.5 |