AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover.
CWE-352
CVE-2019-14526
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.
CVE-2019-14327
A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings.
CVE-2019-14328
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
CVE-2019-14346
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
CVE-2019-14304
Ricoh SP C250DN 1.06 devices allow CSRF.