Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-06 | CVE-2014-5280 | Cross-Site Request Forgery (CSRF) vulnerability in Boot2Docker boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication. | 8.8 |
| 2018-02-06 | CVE-2018-6288 | Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Secure Mail Gateway 1.1 Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | 8.8 |
| 2018-02-06 | CVE-2018-6656 | Cross-Site Request Forgery (CSRF) vulnerability in Zblogcn Z-Blogphp 1.5.1 Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | 6.5 |
| 2018-02-06 | CVE-2018-6467 | Cross-Site Request Forgery (CSRF) vulnerability in Flickrrss Project Flickrrss 5.3.1 The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php. | 8.8 |
| 2018-02-05 | CVE-2018-6651 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. | 8.8 |
| 2018-02-05 | CVE-2017-9414 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. | 8.8 |
| 2018-02-05 | CVE-2015-4179 | Cross-Site Request Forgery (CSRF) vulnerability in Codestyling Localization Project Codestyling Localization Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress. | 8.8 |
| 2018-02-02 | CVE-2017-18080 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2018-02-02 | CVE-2017-18042 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2018-02-01 | CVE-2014-9502 | Cross-Site Request Forgery (CSRF) vulnerability in Open Atrium Project Open Atrium Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. | 8.8 |