Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-1000843 | Cross-Site Request Forgery (CSRF) vulnerability in Spotify Luigi Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result in Task metadata such as task name, id, parameter, etc. | 8.8 |
| 2018-12-20 | CVE-2018-1661 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-12-19 | CVE-2018-20231 | Cross-Site Request Forgery (CSRF) vulnerability in Simbahosting Two-Factor-Authentication Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. | 8.8 |
| 2018-12-18 | CVE-2018-19829 | Cross-Site Request Forgery (CSRF) vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | 6.5 |
| 2018-12-18 | CVE-2018-18921 | Cross-Site Request Forgery (CSRF) vulnerability in PHPservermonitor PHP Server Monitor PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. | 6.5 |
| 2018-12-17 | CVE-2018-20188 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.3 FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | 8.8 |
| 2018-12-17 | CVE-2018-18246 | Cross-Site Request Forgery (CSRF) vulnerability in Icinga web 2 Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. | 6.5 |
| 2018-12-12 | CVE-2018-1926 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. | 8.8 |
| 2018-12-11 | CVE-2018-19969 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. | 8.8 |
| 2018-12-10 | CVE-2018-20015 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.2 YzmCMS v5.2 has admin/role/add.html CSRF. | 8.8 |