Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7857 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | ||||
| CVE-2019-7851 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | ||||
| CVE-2019-7746 | 1 Jio | 2 Jmr1140, Jmr1140 Firmware | 2024-11-21 | N/A |
| JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset. | ||||
| CVE-2019-7738 | 1 C.p.sub Project | 1 C.p.sub | 2024-11-21 | N/A |
| C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | ||||
| CVE-2019-7737 | 1 Verydows | 1 Verydows | 2024-11-21 | N/A |
| A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. | ||||
| CVE-2019-7730 | 1 Mywebsql | 1 Mywebsql | 2024-11-21 | N/A |
| MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | ||||
| CVE-2019-7654 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 6.5 Medium |
| Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
| CVE-2019-7616 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.9 Medium |
| Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. | ||||
| CVE-2019-7570 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | ||||
| CVE-2019-7569 | 1 Wdoyo | 1 Doyo | 2024-11-21 | N/A |
| An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1. | ||||
| CVE-2019-7566 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | N/A |
| CSZ CMS 1.1.8 has CSRF via admin/users/new/add. | ||||
| CVE-2019-7440 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2024-11-21 | N/A |
| JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). | ||||
| CVE-2019-7433 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2024-11-21 | N/A |
| PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||||
| CVE-2019-7402 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. | ||||
| CVE-2019-7391 | 1 Zyxel | 4 Dsl-491hnu-b10b, Dsl-491hnu-b10b Firmware, Dsl-491hnu-b1b V2 and 1 more | 2024-11-21 | N/A |
| ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | ||||
| CVE-2019-7357 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 8.8 High |
| Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins. | ||||
| CVE-2019-7346 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. | ||||
| CVE-2019-7281 | 1 Primasystems | 1 Flexair | 2024-11-21 | 8.8 High |
| Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. | ||||
| CVE-2019-7273 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | 8.8 High |
| Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). | ||||
| CVE-2019-7270 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2024-11-21 | 8.8 High |
| Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). | ||||