Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-06 | CVE-2018-6656 | Cross-Site Request Forgery (CSRF) vulnerability in Zblogcn Z-Blogphp 1.5.1 Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | 6.5 |
| 2018-02-06 | CVE-2018-6467 | Cross-Site Request Forgery (CSRF) vulnerability in Flickrrss Project Flickrrss 5.3.1 The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. | 8.8 |
| 2018-02-05 | CVE-2018-6651 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. | 8.8 |
| 2018-02-05 | CVE-2017-9414 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. | 8.8 |
| 2018-02-05 | CVE-2015-4179 | Cross-Site Request Forgery (CSRF) vulnerability in Codestyling Localization Project Codestyling Localization Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress. | 8.8 |
| 2018-02-02 | CVE-2017-18080 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2018-02-02 | CVE-2017-18042 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2018-02-01 | CVE-2014-9502 | Cross-Site Request Forgery (CSRF) vulnerability in Open Atrium Project Open Atrium Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. | 8.8 |
| 2018-02-01 | CVE-2018-0509 | Cross-Site Request Forgery (CSRF) vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21 Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2018-01-30 | CVE-2018-6408 | Cross-Site Request Forgery (CSRF) vulnerability in Conceptronic Cipcamptiwl Firmware and Cipcamptiwl web Firmware An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. | 8.8 |