Total: 6068 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2389 | 1 Funnelkit | 1 Funnelkit Automations | 2024-02-28 | N/A | 4.3 MEDIUM |
The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations. | |||||
CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2024-02-28 | N/A | 8.8 HIGH |
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | |||||
CVE-2022-41474 | 1 Rpcms | 1 Rpcms | 2024-02-28 | N/A | 6.5 MEDIUM |
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. | |||||
CVE-2022-43693 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | N/A | 8.8 HIGH |
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. | |||||
CVE-2022-34937 | 1 Yuba | 1 U5cms | 2024-02-28 | N/A | 8.8 HIGH |
Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | |||||
CVE-2022-33177 | 1 Wpbookingcalendar | 1 Booking Calendar | 2024-02-28 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update. | |||||
CVE-2022-35285 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-02-28 | N/A | 8.8 HIGH |
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812. | |||||
CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2024-02-28 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | |||||
CVE-2022-29454 | 1 Wordplus | 1 Better Messages | 2024-02-28 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | |||||
CVE-2022-2377 | 1 Wpwax | 1 Directorist | 2024-02-28 | N/A | 4.3 MEDIUM |
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog. | |||||
CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2024-02-28 | N/A | 8.8 HIGH |
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | |||||
CVE-2021-29823 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-28 | N/A | 6.5 MEDIUM |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. | |||||
CVE-2022-2233 | 1 Banner Cycler Project | 1 Banner Cycler | 2024-02-28 | N/A | 8.8 HIGH |
The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site’s administrator into performing an action such as clicking on a link | |||||
CVE-2022-23680 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2024-02-28 | N/A | 8.8 HIGH |
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
CVE-2022-43488 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-02-28 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. | |||||
CVE-2022-3121 | 1 Online Employee Leave Management System Project | 1 Online Employee Leave Management System | 2024-02-28 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability. | |||||
CVE-2022-3126 | 1 Najeebmedia | 1 Frontend File Manager Plugin | 2024-02-28 | N/A | 4.3 MEDIUM |
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. | |||||
CVE-2022-42199 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2024-02-28 | N/A | 8.8 HIGH |
Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. | |||||
CVE-2022-42077 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
CVE-2022-36908 | 1 Jenkins | 1 Openshift Deployer | 2024-02-28 | N/A | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an attacker-specified URL. |