Total
6085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6508 | 1 Creditease-sec | 1 Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF. | |||||
| CVE-2019-6507 | 1 Creditease-sec | 1 Insight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF. | |||||
| CVE-2019-6325 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery. | |||||
| CVE-2019-6320 | 1 Hp | 16 Deskjet 3630 F5s43a, Deskjet 3630 F5s43a Firmware, Deskjet 3630 F5s57a and 13 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration. | |||||
| CVE-2019-6319 | 1 Hp | 16 Deskjet 3630 F5s43a, Deskjet 3630 F5s43a Firmware, Deskjet 3630 F5s57a and 13 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration. | |||||
| CVE-2019-6294 | 1 Easycms | 1 Easycms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI. | |||||
| CVE-2019-6282 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. | |||||
| CVE-2019-6249 | 1 Hucart | 1 Hucart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. | |||||
| CVE-2019-6244 | 1 Usualtool | 1 Usualtoolcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file. | |||||
| CVE-2019-6166 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. | |||||
| CVE-2019-6030 | 1 Custom Body Class Project | 1 Custom Body Class | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-6027 | 1 Wpspellcheck | 1 Wpspellcheck | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5993 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5992 | 1 Ultra-prod | 1 Wordpress Ultra Simple Paypal Shopping Cart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5986 | 2 Ntt-east, Ntt-west | 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5984 | 1 Waspthemes | 1 Custom Css Pro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5983 | 1 Fla-shop | 1 Html5 Maps | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5980 | 1 Meomundo | 1 Related Youtube Videos | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5979 | 1 Najeebmedia | 1 Personalized Woocommerce Cart Page | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2019-5974 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||