Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3267 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. | |||||
| CVE-2022-40219 | 1 Sedlex | 1 Favicon-switcher | 2022-09-22 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. | |||||
| CVE-2022-1591 | 1 Wordpress Ping Optimizer Project | 1 Wordpress Ping Optimizer | 2022-09-21 | N/A | 4.3 MEDIUM |
| The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-3232 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. | |||||
| CVE-2022-40623 | 1 Wavlink | 2 Wn531g3, Wn531g3 Firmware | 2022-09-19 | N/A | 8.8 HIGH |
| The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution. | |||||
| CVE-2022-3221 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-18 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. | |||||
| CVE-2022-36095 | 1 Xwiki | 1 Xwiki | 2022-09-15 | N/A | 4.3 MEDIUM |
| XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there. | |||||
| CVE-2022-37411 | 1 Captcha Code Project | 1 Captcha Code | 2022-09-14 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress. | |||||
| CVE-2020-19159 | 1 Laiketui | 1 Laiketui | 2022-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. | |||||
| CVE-2022-37730 | 1 Ftcms | 1 Ftcms | 2022-09-13 | N/A | 8.8 HIGH |
| In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page containing attack code, and send a request to the server (corresponding to the identity authentication information) as the victim without the victim's knowledge. | |||||
| CVE-2022-23679 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2022-09-13 | N/A | 8.8 HIGH |
| AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
| CVE-2022-23680 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2022-09-12 | N/A | 8.8 HIGH |
| AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
| CVE-2020-10478 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request. | |||||
| CVE-2020-10479 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. | |||||
| CVE-2020-10481 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. | |||||
| CVE-2020-10482 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. | |||||
| CVE-2020-10483 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. | |||||
| CVE-2020-10486 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. | |||||
| CVE-2020-10484 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. | |||||
| CVE-2020-10485 | 1 Chadhaajay | 1 Phpkb | 2022-09-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. | |||||