NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R690…

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0…

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 thro…

In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attack…

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow rem…

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and ea…

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter…

Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the…

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 a…

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apach…

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification…

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web brow…

diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, a…

A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attack…

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Executi…

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) w…

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextsel…

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to …

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page …

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which,…

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy…

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-adm…

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and e…

The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have…

Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers…

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before …

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting …

Azure CLI REST Command Information Disclosure Vulnerability

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an at…

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1…

A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless C…

Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).

Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic…

Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (vi…

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media s…

goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arb…

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.

A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible f…