Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0398 | 1 Modoboa | 1 Modoboa | 2023-01-27 | N/A | 6.5 MEDIUM |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
CVE-2022-47395 | 1 Sewio | 1 Real-time Location System Studio | 2023-01-26 | N/A | 8.1 HIGH |
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service condition. | |||||
CVE-2023-0403 | 1 Warfareplugins | 1 Social Warfare | 2023-01-25 | N/A | 5.4 MEDIUM |
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-45127 | 1 Sewio | 1 Real-time Location System Studio | 2023-01-25 | N/A | 8.1 HIGH |
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition. | |||||
CVE-2022-30544 | 1 Hyumika | 1 Openstreetmap | 2023-01-25 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions. | |||||
CVE-2022-36379 | 1 Yoomoney | 1 Yukassa For Woocommerce | 2023-01-24 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | |||||
CVE-2022-4621 | 1 Panasonic | 10 Vcc-hd2100p, Vcc-hd2100p Firmware, Vcc-hd3100p and 7 more | 2023-01-24 | N/A | 8.8 HIGH |
Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges. | |||||
CVE-2023-22286 | 1 Ate-mahoroba | 6 Maho-pbx Netdevancer, Maho-pbx Netdevancer Firmware, Maho-pbx Netdevancer Mobilegate and 3 more | 2023-01-24 | N/A | 8.1 HIGH |
Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in. | |||||
CVE-2022-4309 | 1 Subscribe2 Project | 1 Subscribe2 | 2023-01-24 | N/A | 3.1 LOW |
The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack. | |||||
CVE-2022-4549 | 1 Tickera | 1 Tickera | 2023-01-24 | N/A | 4.3 MEDIUM |
The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
CVE-2018-18772 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 6.8 MEDIUM | 8.8 HIGH |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | |||||
CVE-2019-13477 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 4.3 MEDIUM | 8.8 HIGH |
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. | |||||
CVE-2018-18773 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 6.8 MEDIUM | 8.8 HIGH |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | |||||
CVE-2022-43719 | 1 Apache | 1 Superset | 2023-01-24 | N/A | 8.8 HIGH |
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
CVE-2023-22852 | 1 Tiki | 1 Tiki | 2023-01-23 | N/A | 6.5 MEDIUM |
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | |||||
CVE-2023-0294 | 1 Frenify | 1 Mediamatic | 2023-01-23 | N/A | 4.3 MEDIUM |
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-23685 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-23 | N/A | 8.8 HIGH |
A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can convince an authenticated user of the interface to interact with a specially crafted URL in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2020-12781 | 1 Combodo | 1 Itop | 2023-01-20 | 6.8 MEDIUM | 8.8 HIGH |
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. | |||||
CVE-2022-46368 | 1 Maxum | 1 Rumpus | 2023-01-20 | N/A | 8.8 HIGH |
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | |||||
CVE-2022-46367 | 1 Maxum | 1 Rumpus | 2023-01-20 | N/A | 8.8 HIGH |
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. |