Total
7396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16099 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | |||||
| CVE-2019-16068 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site. | |||||
| CVE-2019-16059 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. | |||||
| CVE-2019-16009 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | 7.6 HIGH | 8.8 HIGH |
| A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device. | |||||
| CVE-2019-16002 | 1 Cisco | 1 Sd-wan Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | |||||
| CVE-2019-15934 | 1 Intesync | 1 Solismed | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Intesync Solismed 3.3sp has CSRF. | |||||
| CVE-2019-15868 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. | |||||
| CVE-2019-15865 | 1 Holest | 1 Breadcrumbs By Menu | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. | |||||
| CVE-2019-15841 | 1 Facebook | 1 Facebook For Woocommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | |||||
| CVE-2019-15840 | 1 Facebook | 1 Facebook For Woocommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | |||||
| CVE-2019-15835 | 1 Wp Better Permalinks Project | 1 Wp Better Permalinks | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. | |||||
| CVE-2019-15834 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. | |||||
| CVE-2019-15832 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | |||||
| CVE-2019-15831 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | |||||
| CVE-2019-15828 | 1 Tribulant | 1 One Click Ssl | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | |||||
| CVE-2019-15781 | 1 Weblizar | 1 Social Likebox \& Feed | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | |||||
| CVE-2019-15779 | 1 Quadlayers | 1 Wp Social Feed Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. | |||||
| CVE-2019-15770 | 1 Hallme | 1 Woocommerce Address Book | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. | |||||
| CVE-2019-15769 | 1 Haktansuren | 1 Handl Utm Grabber | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. | |||||
| CVE-2019-15660 | 1 Butlerblog | 1 Wp-members | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-members plugin before 3.2.8 for WordPress has CSRF. | |||||