Total
6080 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25608 | 1 Yooslider | 1 Yoo Slider | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | |||||
| CVE-2022-25600 | 2 Fedoraproject, Flippercode | 2 Fedora, Wp Google Map | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | |||||
| CVE-2022-25599 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | |||||
| CVE-2022-25576 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 3.5 LOW | 4.5 MEDIUM |
| Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. | |||||
| CVE-2022-25523 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | |||||
| CVE-2022-25268 | 1 Passwork | 1 Passwork | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. | |||||
| CVE-2022-25242 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH |
| In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF). | |||||
| CVE-2022-25241 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH |
| In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF). | |||||
| CVE-2022-25212 | 1 Jenkins | 1 Swamp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | |||||
| CVE-2022-25207 | 1 Jenkins | 1 Chef Sinatra | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
| CVE-2022-25205 | 1 Jenkins | 1 Dbcharts | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | |||||
| CVE-2022-25200 | 1 Jenkins | 1 Checkmarx | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-25198 | 1 Jenkins | 1 Scp Publisher | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2022-25194 | 1 Jenkins | 1 Autonomiq | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. | |||||
| CVE-2022-25192 | 1 Jenkins | 1 Snow Commander | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-24947 | 1 Apache | 1 Jspwiki | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. | |||||
| CVE-2022-24879 | 1 Shopware | 1 Shopware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. | |||||
| CVE-2022-24712 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for this vulnerability, but users will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF protection may be bypassed. If auto-routing is enabled, check the request method in the controller method before processing. If auto-routing is disabled, either avoid using `$routes->add()` and instead use HTTP verbs in routes; or check the request method in the controller method before processing. | |||||
| CVE-2022-24342 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. | |||||
| CVE-2022-24235 | 1 Snapt | 1 Aria | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | |||||