Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3126 | 1 Najeebmedia | 1 Frontend File Manager Plugin | 2022-10-21 | N/A | 4.3 MEDIUM |
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have a CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. | |||||
CVE-2022-43418 | 1 Jenkins | 1 Katalon | 2022-10-20 | N/A | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2022-10-20 | N/A | 8.8 HIGH |
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | |||||
CVE-2022-3151 | 1 Wp Custom Cursors Project | 1 Wp Custom Cursors | 2022-10-20 | N/A | 4.3 MEDIUM |
The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when deleting cursors, which could allow attackers to make a logged-in admin delete arbitrary cursors via a CSRF attack. | |||||
CVE-2020-8976 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2022-10-20 | N/A | 8.8 HIGH |
The integrated server of the ZGR TPS200 NG, on firmware version 2.00 and hardware version 1.01, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and trigger the malicious request. | |||||
CVE-2022-23771 | 1 Iptime | 6 Nas1dual, Nas1dual Firmware, Nas2dual and 3 more | 2022-10-19 | N/A | 8.8 HIGH |
This vulnerability occurs in the user account creation and deletion pages of IPTIME NAS products. The vulnerability can be exploited because of a lack of validation when a POST request is made to these pages. An attacker can use this vulnerability to create or delete user accounts, or to escalate arbitrary user privileges. | |||||
CVE-2022-3585 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-18 | N/A | 4.3 MEDIUM |
A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. | |||||
CVE-2022-3582 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-18 | N/A | 3.5 LOW |
A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. | |||||
CVE-2022-42070 | 1 Online Birth Certificate Management System Project | 1 Online Birth Certificate Management System | 2022-10-17 | N/A | 8.8 HIGH |
Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
CVE-2022-42077 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2022-10-14 | N/A | 6.5 MEDIUM |
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
CVE-2022-42078 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2022-10-14 | N/A | 6.5 MEDIUM |
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | |||||
CVE-2022-42086 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2022-10-14 | N/A | 6.5 MEDIUM |
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | |||||
CVE-2022-42087 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2022-10-14 | N/A | 6.5 MEDIUM |
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
CVE-2022-35611 | 1 Bevywise | 1 Mqttroute | 2022-10-14 | N/A | 4.3 MEDIUM |
A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. | |||||
CVE-2022-41489 | 1 Wayos | 12 Lq-04, Lq-04 Firmware, Lq-05 and 9 more | 2022-10-14 | N/A | 8.1 HIGH |
WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm. | |||||
CVE-2022-41474 | 1 Rpcms | 1 Rpcms | 2022-10-14 | N/A | 6.5 MEDIUM |
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. | |||||
CVE-2022-41475 | 1 Rpcms | 1 Rpcms | 2022-10-14 | N/A | 8.8 HIGH |
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. | |||||
CVE-2019-8991 | 1 Tibco | 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1. | |||||
CVE-2019-5924 | 1 Rednao | 1 Smart Forms | 2022-10-13 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page. | |||||
CVE-2019-6166 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2022-10-13 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. |