Total
6084 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23227 | 1 Php Everywhere Project | 1 Php Everywhere | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions. | |||||
CVE-2021-23163 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 6.8 MEDIUM | 3.1 LOW |
JFrog Artifactory prior to version 7.33.6 and 6.23.38 is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. | |||||
CVE-2021-23026 | 1 F5 | 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 12 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2021-22954 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. | |||||
CVE-2021-22953 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team" | |||||
CVE-2021-22950 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team" | |||||
CVE-2021-22949 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team" | |||||
CVE-2021-22725 | 1 Schneider-electric | 12 Evb1a, Evb1a Firmware, Evc1s22p4 and 9 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | |||||
CVE-2021-22724 | 1 Schneider-electric | 12 Evb1a, Evb1a Firmware, Evc1s22p4 and 9 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | |||||
CVE-2021-22701 | 1 Schneider-electric | 21 Powerlogic Ion7400, Powerlogic Ion7400 Firmware, Powerlogic Ion7410 and 18 more | 2024-11-21 | 3.5 LOW | 4.5 MEDIUM |
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. | |||||
CVE-2021-22512 | 1 Microfocus | 1 Application Automation Tools | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks. | |||||
CVE-2021-22500 | 1 Microfocus | 1 Application Performance Management | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by an attacker to trick users into executing actions of the attacker's choosing. | |||||
CVE-2021-22224 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 7.1 HIGH |
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim. | |||||
CVE-2021-22202 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 2.4 LOW |
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | |||||
CVE-2021-21745 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attacker could use this vulnerability to perform illegal authorization operations by sending a request to the user to click. | |||||
CVE-2021-21731 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
A CSRF vulnerability exists in the management page of a ZTE product. The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04 | |||||
CVE-2021-21729 | 1 Zte | 4 Zxhn H108n, Zxhn H108n Firmware, Zxhn H168n and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages. This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 | |||||
CVE-2021-21679 | 1 Jenkins | 1 Azure Ad | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
CVE-2021-21678 | 1 Jenkins | 1 Saml | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
CVE-2021-21675 | 1 Jenkins | 1 Requests | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. |