Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-08-08 | CVE-2019-14679 | Cross-Site Request Forgery (CSRF) vulnerability in Reputeinfosystems Arprice Lite 2.2 | core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. | network | low complexity | reputeinfosystems | CWE-352 | 6.5 |
| 2019-08-08 | CVE-2019-1958 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hyperflex HX Data Platform | A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | network | low complexity | cisco | CWE-352 | 8.8 |
| 2019-08-07 | CVE-2019-10388 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Relution Enterprise Appstore Publisher 1.0/1.24 | A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 4.3 |
| 2019-08-07 | CVE-2019-10386 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins XL Testview | A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2019-08-07 | CVE-2019-10368 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jclouds | A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2019-08-07 | CVE-2016-10861 | Cross-Site Request Forgery (CSRF) vulnerability in Neetcables Airstream NAS Firmware 1.1 | Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password. | network | low complexity | neetcables | CWE-352 | 6.5 |
| 2019-08-06 | CVE-2019-14703 | Cross-Site Request Forgery (CSRF) vulnerability in Microdigital products | A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | network | low complexity | microdigital | CWE-352 | 8.8 |
| 2019-08-06 | CVE-2019-14346 | Cross-Site Request Forgery (CSRF) vulnerability in Schben Adive 2.0.7 | Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | network | low complexity | schben | CWE-352 | 8.8 |
| 2019-08-03 | CVE-2019-14551 | Cross-Site Request Forgery (CSRF) vulnerability in Daskeyboard DAS Q Software | Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. | network | low complexity | daskeyboard | CWE-352 | 9.8 (critical) |
| 2019-08-02 | CVE-2019-7947 | Cross-Site Request Forgery (CSRF) vulnerability in Magento | A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | network | low complexity | magento | CWE-352 | 6.5 |