Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-08 | CVE-2014-0594 | Cross-Site Request Forgery (CSRF) vulnerability in Opensuse Open Build Service In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. | 8.8 |
| 2018-06-08 | CVE-2018-8925 | Cross-Site Request Forgery (CSRF) vulnerability in Synology Photo Station Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | 8.8 |
| 2018-06-07 | CVE-2018-1514 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Robotic Process Automation With Automation Anywhere 10.0 IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-06-06 | CVE-2017-7906 | Cross-Site Request Forgery (CSRF) vulnerability in ABB IP Gateway Firmware 3.39 In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user. | 8.8 |
| 2018-06-05 | CVE-2018-1000195 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not. | 4.3 |
| 2018-06-05 | CVE-2017-7635 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. | 8.8 |
| 2018-06-02 | CVE-2018-11680 | Cross-Site Request Forgery (CSRF) vulnerability in Cmseasy 6.0 An issue was discovered in CmsEasy 6.1_20180508. | 6.5 |
| 2018-06-02 | CVE-2018-11679 | Cross-Site Request Forgery (CSRF) vulnerability in Cmseasy 6.0 An issue was discovered in CmsEasy 6.1_20180508. | 8.8 |
| 2018-06-01 | CVE-2018-11538 | Cross-Site Request Forgery (CSRF) vulnerability in Searchblox 8.6.6 servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | 8.8 |
| 2018-06-01 | CVE-2018-11671 | Cross-Site Request Forgery (CSRF) vulnerability in Njtech Greencms 2.3.0603 An issue was discovered in GreenCMS v2.3.0603. | 8.8 |