Total: 7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36887 | 1 Jenkins | 1 Job Configuration History | 2023-11-22 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | |||||
CVE-2022-34812 | 1 Jenkins | 1 Xpath Configuration Viewer | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | |||||
CVE-2022-34815 | 1 Jenkins | 1 Request Rename Or Delete | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. | |||||
CVE-2022-34817 | 1 Jenkins | 1 Failed Job Deactivator | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. | |||||
CVE-2022-34797 | 1 Jenkins | 1 Deployment Dashboard | 2023-11-22 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. | |||||
CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2023-11-22 | N/A | 8.1 HIGH |
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | |||||
CVE-2023-4689 | 1 Webtechstreet | 1 Elementor Addon Elements | 2023-11-21 | N/A | 4.3 MEDIUM |
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2023-4690 | 1 Webtechstreet | 1 Elementor Addon Elements | 2023-11-21 | N/A | 4.3 MEDIUM |
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2020-8976 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2023-11-20 | N/A | 8.8 HIGH |
The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request. | |||||
CVE-2023-48021 | 1 Iteachyou | 1 Dreamer Cms | 2023-11-18 | N/A | 8.8 HIGH |
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. | |||||
CVE-2023-48020 | 1 Iteachyou | 1 Dreamer Cms | 2023-11-17 | N/A | 8.8 HIGH |
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. | |||||
CVE-2022-28143 | 1 Jenkins | 1 Proxmox | 2023-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | |||||
CVE-2022-28138 | 1 Jenkins | 1 Rocketchat Notifier | 2023-11-17 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential. | |||||
CVE-2023-39412 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 8.8 HIGH |
Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2023-47230 | 1 Cimatti | 1 Wordpress Contact Forms | 2023-11-16 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. | |||||
CVE-2023-34384 | 1 Kebo Twitter Feed Project | 1 Kebo Twitter Feed | 2023-11-16 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions. | |||||
CVE-2023-28173 | 1 Digitalinspiration | 1 Google Xml Sitemap For Images | 2023-11-16 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions. | |||||
CVE-2023-29238 | 1 Whydonate | 1 Wp Whydonate | 2023-11-16 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions. | |||||
CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2023-11-16 | 6.8 MEDIUM | 8.8 HIGH |
Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | |||||
CVE-2020-7336 | 1 Mcafee | 1 Network Security Management | 2023-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. |