Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-08 | CVE-2019-14680 | Cross-Site Request Forgery (CSRF) vulnerability in Mijnpress Admin-Renamer-Extended 3.2.1 The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. | 5.7 |
2019-08-08 | CVE-2019-14679 | Cross-Site Request Forgery (CSRF) vulnerability in Reputeinfosystems Arprice Lite 2.2 core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. | 4.3 |
2019-08-08 | CVE-2019-1958 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hyperflex HX Data Platform A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.8 |
2019-08-07 | CVE-2019-10388 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Relution Enterprise Appstore Publisher 1.0/1.24 A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | 4.3 |
2019-08-07 | CVE-2019-10386 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins XL Testview A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2019-08-07 | CVE-2019-10368 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jclouds A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2019-08-07 | CVE-2016-10861 | Cross-Site Request Forgery (CSRF) vulnerability in Neetcables Airstream NAS Firmware 1.1 Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password. | 4.3 |
2019-08-06 | CVE-2019-14703 | Cross-Site Request Forgery (CSRF) vulnerability in Microdigital products A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. | 6.8 |
2019-08-06 | CVE-2019-14346 | Cross-Site Request Forgery (CSRF) vulnerability in Schben Adive 2.0.7 Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | 4.3 |
2019-08-03 | CVE-2019-14551 | Cross-Site Request Forgery (CSRF) vulnerability in Daskeyboard DAS Q Software Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive. | 7.5 |