Total: 6078 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41634 | 1 Maxfoundry | 1 Media Library Folders | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. | |||||
CVE-2022-41633 | 1 Peepso | 1 Peepso | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions. | |||||
CVE-2022-41622 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2022-41620 | 1 Seosamba | 1 Seosamba | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions. | |||||
CVE-2022-41615 | 1 Agilelogix | 1 Store Locator | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. | |||||
CVE-2022-41608 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. | |||||
CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | N/A | 8.8 HIGH |
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | |||||
CVE-2022-41489 | 1 Wayos | 12 Lq-04, Lq-04 Firmware, Lq-05 and 9 more | 2024-11-21 | N/A | 8.1 HIGH |
WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm. | |||||
CVE-2022-41475 | 1 Rpcms | 1 Rpcms | 2024-11-21 | N/A | 8.8 HIGH |
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. | |||||
CVE-2022-41474 | 1 Rpcms | 1 Rpcms | 2024-11-21 | N/A | 6.5 MEDIUM |
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. | |||||
CVE-2022-41413 | 1 Perfsonar | 1 Perfsonar | 2024-11-21 | N/A | 4.3 MEDIUM |
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | |||||
CVE-2022-41297 | 1 Ibm | 3 Db2 On Cloud Pak For Data, Db2 Warehouse On Cloud Pak For Data, Db2u | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212. | |||||
CVE-2022-41296 | 1 Ibm | 2 Db2, Db2 Warehouse | 2024-11-21 | N/A | 6.5 MEDIUM |
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210. | |||||
CVE-2022-41263 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. | |||||
CVE-2022-41253 | 1 Jenkins | 1 Cons3rt | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-41249 | 1 Jenkins | 1 Scm Httpclient | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-41245 | 1 Jenkins | 1 Worksoft Execution Manager | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-41236 | 1 Jenkins | 1 Security Inspector | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. | |||||
CVE-2022-41232 | 1 Jenkins | 1 Build-publisher | 2024-11-21 | N/A | 8.0 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint. | |||||
CVE-2022-41227 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2024-11-21 | N/A | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. |