Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21641 | 1 Jenkins | 1 Promoted Builds | 2021-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds. | |||||
CVE-2021-30147 | 1 Dmasoftlab | 1 Radius Manager | 2021-04-12 | 6.8 MEDIUM | 8.8 HIGH |
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. | |||||
CVE-2014-8246 | 1 Broadcom | 1 Release Automation | 2021-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2019-20841 | 1 Mattermost | 1 Mattermost Server | 2021-04-12 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks. | |||||
CVE-2021-24173 | 1 Vm Backups Project | 1 Vm Backups | 2021-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as updating the plugin's options, leading to a stored Cross-Site Scripting issue. | |||||
CVE-2021-24172 | 1 Vm Backups Project | 1 Vm Backups | 2021-04-09 | 4.3 MEDIUM | 4.3 MEDIUM |
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the DB, plugins, and current . | |||||
CVE-2014-5217 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action. | |||||
CVE-2021-24166 | 1 Ninjaforms | 1 Ninja Forms | 2021-04-09 | 5.8 MEDIUM | 5.4 MEDIUM |
The wp_ajax_nf_oauth_disconnect AJAX action in the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin, in versions before 3.4.34, had no nonce protection, making it possible for attackers to craft a request that disconnects a site's OAuth connection. | |||||
CVE-2021-24161 | 1 Expresstech | 1 Responsive Menu | 2021-04-08 | 6.8 MEDIUM | 8.8 HIGH |
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site. | |||||
CVE-2021-24162 | 1 Expresstech | 1 Responsive Menu | 2021-04-08 | 6.8 MEDIUM | 8.8 HIGH |
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing a complete new set of settings. These settings could be modified to include malicious JavaScript, allowing an attacker to inject payloads that could aid in further infection of the site. | |||||
CVE-2021-20687 | 1 Daifukuya | 1 Kagemai | 2021-04-08 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2021-29660 | 1 Softing | 1 Opc Toolbox | 2021-04-07 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | |||||
CVE-2021-22202 | 1 Gitlab | 1 Gitlab | 2021-04-07 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | |||||
CVE-2021-29349 | 1 Mahara | 1 Mahara | 2021-04-07 | 4.3 MEDIUM | 6.5 MEDIUM |
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. | |||||
CVE-2021-25924 | 1 Thoughtworks | 1 Gocd | 2021-04-06 | 9.3 HIGH | 8.8 HIGH |
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim into clicking a malicious link that changes the backup configuration, including the post_backup_script field, which lets the attacker execute system commands. | |||||
CVE-2021-21638 | 1 Jenkins | 1 Team Foundation Server | 2021-04-02 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2021-21629 | 1 Jenkins | 1 Build With Parameters | 2021-04-02 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. | |||||
CVE-2021-21633 | 1 Jenkins | 1 Owasp Dependency-track | 2021-04-02 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | |||||
CVE-2017-7571 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2021-04-01 | 6.0 MEDIUM | 8.0 HIGH |
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. | |||||
CVE-2020-19639 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2021-04-01 | 6.8 MEDIUM | 8.8 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields of the WebUI. |
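Every entry in this list has the same root cause: a state-changing endpoint that accepts a request as long as the browser attaches the victim's session cookie, without any proof that the request came from the site's own page (a nonce, a CSRF token, an Origin check). The example below is added here and is not code from any of the projects listed; it models that pattern with a deliberately vulnerable option-update handler next to a hardened one, using a per-session synchronizer token compared in constant time plus an Origin/Referer check. The site origin `https://app.example`, the attacker origin `https://attacker.example`, the endpoint path and the `Request` model are all assumptions made for the demonstration; the WordPress-style admin-ajax path is illustrative only.

```python
"""CSRF on a cookie-authenticated endpoint: vulnerable vs. hardened handler.

Added example (not any listed vendor's code). All origins, paths, names and
requests below are constructed for the demonstration.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://app.example"          # assumed origin of the protected site
ATTACKER_ORIGIN = "https://attacker.example"  # assumed origin of the attacker's page


@dataclass
class Request:
    """Minimal model of what the server sees; 'cookies' is attached by the browser
    regardless of which site initiated the request (that is the whole CSRF problem)."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


SESSIONS = {}        # session id -> {"user": name, "csrf": per-session token}
PLUGIN_OPTIONS = {}  # user -> saved options (the state a CSRF attack wants to change)


def login(user: str) -> str:
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def current_session(req: Request):
    return SESSIONS.get(req.cookies.get("session"))


def settings_form_fields(sid: str) -> dict:
    """What the site's own settings page embeds in its form. An attacker page cannot
    read this value: the same-origin policy blocks it from reading our responses."""
    return {"csrf_token": SESSIONS[sid]["csrf"]}


def vulnerable_update_options(req: Request):
    """Deliberately insecure: the session cookie is the only thing checked, so a form
    auto-submitted from any other site succeeds (the pattern behind the CVEs above)."""
    sess = current_session(req)
    if not sess or req.method != "POST":
        return 403, "forbidden"
    PLUGIN_OPTIONS[sess["user"]] = dict(req.form)
    return 200, "saved"


def _origin_ok(req: Request) -> bool:
    """Fail closed: a state-changing POST with no Origin/Referer is rejected."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def hardened_update_options(req: Request):
    """Same endpoint with CSRF defences: Origin check plus a synchronizer token that
    must match the token bound to *this* session, compared in constant time."""
    sess = current_session(req)
    if not sess or req.method != "POST":
        return 403, "forbidden"
    if not _origin_ok(req):
        return 403, "bad origin"
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), sess["csrf"].encode()):
        return 403, "bad csrf token"
    PLUGIN_OPTIONS[sess["user"]] = {k: v for k, v in req.form.items() if k != "csrf_token"}
    return 200, "saved"


def demo() -> dict:
    """Run constructed requests through both handlers and report the status codes."""
    PLUGIN_OPTIONS.clear()
    victim_sid = login("admin")
    victim_cookies = {"session": victim_sid}
    endpoint = "/wp-admin/admin-ajax.php"  # illustrative path only

    # Legitimate submit from the site's own settings page: cookie, token and Origin all line up.
    legit = Request("POST", endpoint, victim_cookies,
                    {"option_a": "safe", **settings_form_fields(victim_sid)},
                    {"Origin": SITE_ORIGIN})
    # Forged submit: attacker's page auto-submits a form; the browser still attaches the
    # victim's cookie, but the attacker has no token and the browser sets their Origin.
    forged = Request("POST", endpoint, victim_cookies,
                     {"option_a": "<script>alert(1)</script>"},
                     {"Origin": ATTACKER_ORIGIN})
    # Attacker logs in themselves and replays *their own* token against the victim's
    # cookie; tokens are bound per session, so this must also fail.
    attacker_sid = login("attacker")
    cross_session = Request("POST", endpoint, victim_cookies,
                            {"option_a": "pwned", **settings_form_fields(attacker_sid)},
                            {"Origin": SITE_ORIGIN})

    return {
        "vuln_legit": vulnerable_update_options(legit)[0],
        "vuln_forged": vulnerable_update_options(forged)[0],     # 200: attack succeeds
        "hard_legit": hardened_update_options(legit)[0],          # 200: real user still works
        "hard_forged": hardened_update_options(forged)[0],        # 403: no token, wrong origin
        "hard_cross_session": hardened_update_options(cross_session)[0],  # 403: wrong session's token
        "options": PLUGIN_OPTIONS.get("admin"),
    }


if __name__ == "__main__":
    print(demo())
```

The order of checks matters in practice: the Origin check is cheap and stops most forged requests before any token comparison, but it cannot stand alone (older clients and some proxies strip the header), which is why the token comparison is still required. Binding the token to the session, rather than issuing one global secret, is what makes the `cross_session` case fail; the WordPress nonce and Mahara pieform mechanisms mentioned in the entries above are per-user variants of the same idea.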