Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2018-02-01 CVE-2018-0509 Cross-Site Request Forgery (CSRF) vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21
Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.
network
low complexity
kkcald-project CWE-352
8.8
8.8
2018-01-30 CVE-2018-6408 Cross-Site Request Forgery (CSRF) vulnerability in Conceptronic Cipcamptiwl Firmware and Cipcamptiwl web Firmware
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices.
network
low complexity
conceptronic CWE-352
8.8
8.8
2018-01-29 CVE-2018-6391 Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Wf2419 Firmware 2.2.36123
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices.
network
low complexity
netis-systems CWE-352
8.8
8.8
2018-01-29 CVE-2017-1000356 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.
network
low complexity
jenkins CWE-352
8.8
8.8
2018-01-29 CVE-2017-4951 Cross-Site Request Forgery (CSRF) vulnerability in VMWare Airwatch
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog.
network
low complexity
vmware CWE-352
8.8
8.8
2018-01-29 CVE-2018-6007 Cross-Site Request Forgery (CSRF) vulnerability in Joomsky JS Support Ticket 1.1.0
CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.
network
low complexity
joomsky CWE-352
8.8
8.8
2018-01-29 CVE-2018-5720 Cross-Site Request Forgery (CSRF) vulnerability in Dodocool Dc38 Firmware Rtn2Aw.Gd.R3465.1.20161103
An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices.
network
low complexity
dodocool CWE-352
8.8
8.8
2018-01-24 CVE-2017-1000504 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins
A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization.
network
high complexity
jenkins CWE-352
8.1
8.1
2018-01-24 CVE-2017-1769 Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2018-01-24 CVE-2018-5976 Cross-Site Request Forgery (CSRF) vulnerability in Rsvp Invitation Online Project Rsvp Invitation Online 1.0
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.
network
low complexity
rsvp-invitation-online-project CWE-352
8.8
8.8