Total
7923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16659 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High |
| TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | ||||
| CVE-2019-16658 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High |
| TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | ||||
| CVE-2019-16575 | 1 Jenkins | 1 Alauda Kubernetes Support | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | ||||
| CVE-2019-16573 | 1 Jenkins | 1 Alauda Devops Pipeline | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-16570 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. | ||||
| CVE-2019-16569 | 1 Jenkins | 1 Mantis | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | ||||
| CVE-2019-16565 | 1 Jenkins | 1 Team Concert | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-16560 | 1 Jenkins | 1 Websphere Deployer | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | ||||
| CVE-2019-16553 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | ||||
| CVE-2019-16551 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. | ||||
| CVE-2019-16550 | 1 Jenkins | 1 Maven | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents. | ||||
| CVE-2019-16548 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | ||||
| CVE-2019-16531 | 1 Layerbb | 1 Layerbb | 2024-11-21 | 8.8 High |
| LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. | ||||
| CVE-2019-16513 | 1 Connectwise | 1 Control | 2024-11-21 | 8.8 High |
| An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests. | ||||
| CVE-2019-16326 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. A remote attacker could exploit this in conjunction with CVE-2019-16327 to enable remote router management and device compromise. NOTE: this is an end-of-life product. | ||||
| CVE-2019-16311 | 1 Niushop | 1 Niushop | 2024-11-21 | 8.8 High |
| NIUSHOP V1.11 has CSRF via search_info to index.php. | ||||
| CVE-2019-16107 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 4.3 Medium |
| Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments. | ||||
| CVE-2019-16099 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2024-11-21 | N/A |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | ||||
| CVE-2019-16068 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 8.8 High |
| A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site. | ||||
| CVE-2019-16059 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | N/A |
| Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. | ||||