Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-20	CVE-2018-1000858	Cross-Site Request Forgery (CSRF) vulnerability in multiple products GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. network gnupg canonical CWE-352	6.8
2018-12-20	CVE-2018-1000846	Cross-Site Request Forgery (CSRF) vulnerability in Freshdns Project Freshdns FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. network freshdns-project CWE-352	6.8
2018-12-20	CVE-2018-1000843	Cross-Site Request Forgery (CSRF) vulnerability in Spotify Luigi Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result in Task metadata such as task name, id, parameter, etc. network low complexity spotify CWE-352	8.8
2018-12-20	CVE-2018-1661	Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. network ibm CWE-352	6.8
2018-12-19	CVE-2018-20231	Cross-Site Request Forgery (CSRF) vulnerability in Simbahosting Two-Factor-Authentication Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. network simbahosting CWE-352	6.8
2018-12-18	CVE-2018-19829	Cross-Site Request Forgery (CSRF) vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. network artica CWE-352	5.8
2018-12-18	CVE-2018-18921	Cross-Site Request Forgery (CSRF) vulnerability in PHPservermonitor PHP Server Monitor PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. network phpservermonitor CWE-352	5.8
2018-12-17	CVE-2018-20188	Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.3 FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. network thedaylightstudio CWE-352	6.8
2018-12-17	CVE-2018-18246	Cross-Site Request Forgery (CSRF) vulnerability in Icinga web 2 Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. network icinga CWE-352	4.3
2018-12-12	CVE-2018-1926	Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. network ibm CWE-352	6.8