| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-16447 |
1 Frogcms Project |
1 Frogcms |
2019-02-20 |
6.8 |
| Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. |
| CVE-2019-1003012 |
1 Jenkins |
1 Blue Ocean |
2019-02-20 |
4.3 |
| A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js,... |
| CVE-2019-1000022 |
|
|
2019-02-20 |
6.8 |
| Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via... |
| CVE-2018-16634 |
1 Pluck-cms |
1 Pluck |
2019-02-20 |
6.8 |
| Pluck v4.7.7 allows CSRF via admin.php?action=settings. |
| CVE-2019-0267 |
1 Sap |
1 Manufacturing Integration And Intelligence |
2019-02-20 |
6.8 |
| SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. |
| CVE-2019-8902 |
1 Idreamsoft |
1 Icms |
2019-02-19 |
4.9 |
| An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. |
| CVE-2019-8910 |
1 Wtcms Project |
1 Wtcms |
2019-02-19 |
6.8 |
| An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. |
| CVE-2019-1658 |
1 Cisco |
1 Unified Intelligence Center |
2019-02-15 |
4.3 |
| A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.... |
| CVE-2019-1000003 |
1 Mapsvg |
1 Mapsvg Lite |
2019-02-15 |
6.8 |
| MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This... |
| CVE-2018-6907 |
1 Rainmachine |
1 Rainmachine Web Application |
2019-02-15 |
6.8 |
| A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. |
| CVE-2019-8347 |
1 Beescms |
1 Beescms |
2019-02-15 |
6.8 |
| BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. |
| CVE-2018-6342 |
|
|
2019-02-14 |
9.3 |
| react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network... |
| CVE-2018-1000858 |
2 Gnupg, Canonical |
2 Gnupg, Ubuntu Linux |
2019-02-13 |
6.8 |
| GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD... |
| CVE-2019-7738 |
|
|
2019-02-13 |
5.8 |
| C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. |
| CVE-2019-7737 |
1 Verydows |
1 Verydows |
2019-02-12 |
6.8 |
| A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. |
| CVE-2019-7730 |
1 Mywebsql |
1 Mywebsql |
2019-02-12 |
4.9 |
| MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. |
| CVE-2019-1003017 |
1 Jenkins |
1 Job Import |
2019-02-11 |
2.6 |
| A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to... |
| CVE-2018-20780 |
1 Traq |
1 Traq |
2019-02-11 |
6.8 |
| Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). |
| CVE-2019-1003016 |
1 Jenkins |
1 Job Import |
2019-02-08 |
4.3 |
| An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,... |
| CVE-2019-1003022 |
1 Jenkins |
1 Monitoring |
2019-02-08 |
4.3 |
| A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. |
