Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27374 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-05-06 | 7.1 HIGH | 6.5 MEDIUM |
| Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. | |||||
| CVE-2021-24805 | 1 Designwall | 1 Dw Question \& Answer | 2022-05-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. | |||||
| CVE-2021-32929 | 1 Uffizio | 1 Gps Tracker | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user. | |||||
| CVE-2015-0541 | 1 Rsa | 1 Web Threat Detection | 2022-05-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2012-6342 | 1 Atlassian | 1 Confluence Server | 2022-05-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment. | |||||
| CVE-2020-12502 | 2 Korenix, Pepperl-fuchs | 46 Jetnet 4510, Jetnet 4510 Firmware, Jetnet 4706 and 43 more | 2022-04-29 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. | |||||
| CVE-2021-26474 | 1 Vembu | 2 Bdr Suite, Offsite Dr | 2022-04-29 | 6.8 MEDIUM | 8.8 HIGH |
| Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.) | |||||
| CVE-2022-27629 | 1 Videowhisper | 1 Micropayments | 2022-04-29 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors. | |||||
| CVE-2022-28108 | 1 Selenium | 1 Selenium Grid | 2022-04-27 | 9.3 HIGH | 8.8 HIGH |
| Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. | |||||
| CVE-2022-23349 | 1 Bigantsoft | 1 Bigant Server | 2022-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). | |||||
| CVE-2021-4096 | 1 Radykal | 1 Fancy Product Designer | 2022-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5. | |||||
| CVE-2022-1112 | 1 Autolinks Project | 1 Autolinks | 2022-04-27 | 3.5 LOW | 5.4 MEDIUM |
| The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site scripting against a logged in admin via a CSRF attack | |||||
| CVE-2022-23975 | 1 Accesspressthemes | 1 Access Demo Importer | 2022-04-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin. | |||||
| CVE-2022-23976 | 1 Accesspressthemes | 1 Access Demo Importer | 2022-04-27 | 5.8 MEDIUM | 8.1 HIGH |
| Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | |||||
| CVE-2021-21275 | 2 Oracle, Report Project | 3 Communications Cloud Native Core Network Slice Selection Function, Communications Pricing Design Center, Report | 2022-04-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens. | |||||
| CVE-2021-28280 | 1 Php-fusion | 1 Phpfusion | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML | |||||
| CVE-2021-43953 | 1 Atlassian | 2 Data Center, Jira | 2022-04-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5. | |||||
| CVE-2022-28109 | 1 Selenium | 1 Selenium Grid | 2022-04-25 | 6.8 MEDIUM | 8.8 HIGH |
| Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine. | |||||
| CVE-2016-6578 | 1 Filecloud | 1 Filecloud | 2022-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | |||||
| CVE-2019-14998 | 1 Atlassian | 1 Jira Server | 2022-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance. | |||||