2020

2019

2018

CVE-2018-8764 (v3: 8.8) 27 Mar 2018
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.

2017

2016

2015

CVE-2015-5395 (v3: 8.8) 20 Sep 2017
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

2014

CVE-2014-4510 (v2: 4.3) 6 Oct 2014
Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-5204 (v2: 6.8) 18 Aug 2014
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

2013

2012

2011