| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2016-10874 |
1 Wpseeds |
1 Wp Database Backup |
2019-10-12 |
6.8 |
| The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. |
| CVE-2019-17431 |
1 Fastadmin |
1 Fastadmin |
2019-10-11 |
6.8 |
| An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. |
| CVE-2015-9455 |
|
|
2019-10-10 |
7.8 |
| The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. |
| CVE-2019-17217 |
|
|
2019-10-10 |
6.8 |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service. |
| CVE-2008-6586 |
1 Utorrent |
1 Utorrent Webui |
2019-10-10 |
6.8 |
| Cross-site request forgery (CSRF) vulnerability in gui/index.php in ?Torrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url... |
| CVE-2019-9883 |
|
|
2019-10-09 |
6.8 |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via... |
| CVE-2019-9882 |
|
|
2019-10-09 |
6.8 |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via... |
| CVE-2019-8991 |
1 Tibco |
5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more |
2019-10-09 |
6.8 |
| The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid,... |
| CVE-2019-6561 |
1 Moxa |
4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more |
2019-10-09 |
6.8 |
| Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. |
| CVE-2019-6166 |
|
|
2019-10-09 |
6.8 |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. |
| CVE-2019-5630 |
1 Rapid7 |
1 Nexpose |
2019-10-09 |
6.8 |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a... |
| CVE-2019-5430 |
1 Ui |
1 Unifi Video |
2019-10-09 |
6.8 |
| In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on... |
| CVE-2019-4515 |
1 Ibm |
1 Security Key Lifecycle Manager |
2019-10-09 |
4.3 |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. |
| CVE-2019-4212 |
1 Ibm |
1 Qradar Security Information And Event Manager |
2019-10-09 |
6.8 |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132. |
| CVE-2019-4167 |
1 Ibm |
1 Storediq |
2019-10-09 |
4.3 |
| IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700. |
| CVE-2019-4142 |
1 Ibm |
1 Cloud Private |
2019-10-09 |
6.8 |
| IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338. |
| CVE-2019-4117 |
1 Ibm |
1 Cloud Private |
2019-10-09 |
6.8 |
| IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116. |
| CVE-2019-3718 |
1 Dell |
1 Supportassist |
2019-10-09 |
6.8 |
| Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems. |
| CVE-2019-3604 |
1 Mcafee |
1 Epolicy Orchestrator |
2019-10-09 |
6.8 |
| Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors. |
| CVE-2019-3410 |
|
|
2019-10-09 |
6.8 |
| All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted... |
