Total
6291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38329 | 1 Shopxian | 1 Shopxian Cms | 2024-08-03 | 4.3 Medium |
| An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnerability that can delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17. | ||||
| CVE-2022-38077 | 1 Essentialplugin | 1 Popup Anything | 2024-08-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. | ||||
| CVE-2022-38063 | 1 Social Login Wp Project | 1 Social Login Wp | 2024-08-03 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions. | ||||
| CVE-2022-37730 | 1 Ftcms | 1 Ftcms | 2024-08-03 | 8.8 High |
| In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page containing attack code, and send a request to the server (corresponding to the identity authentication information) as the victim without the victim's knowledge. | ||||
| CVE-2022-37719 | 1 Edgenexus | 1 Application Delivery Controller | 2024-08-03 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-37043 | 1 Zimbra | 1 Collaboration | 2024-08-03 | 5.7 Medium |
| An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds. | ||||
| CVE-2022-36968 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-08-03 | 4.3 Medium |
| In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | ||||
| CVE-2022-36916 | 1 Jenkins | 1 Google Cloud Backup | 2024-08-03 | 8.0 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | ||||
| CVE-2022-36911 | 1 Jenkins | 1 Openstack Heat | 2024-08-03 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2022-36886 | 1 Jenkins | 1 External Monitor Job Type | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. | ||||
| CVE-2022-36908 | 1 Jenkins | 1 Openshift Deployer | 2024-08-03 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. | ||||
| CVE-2022-36920 | 1 Jenkins | 1 Coverity | 2024-08-03 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-36906 | 1 Jenkins | 1 Openshift Deployer | 2024-08-03 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | ||||
| CVE-2022-36882 | 2 Jenkins, Redhat | 2 Git, Openshift | 2024-08-03 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | ||||
| CVE-2022-36887 | 1 Jenkins | 1 Job Configuration History | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | ||||
| CVE-2022-36579 | 1 Wellcms | 1 Wellcms | 2024-08-03 | 8.8 High |
| Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
| CVE-2022-36577 | 1 Jizhicms | 1 Jizhicms | 2024-08-03 | 8.8 High |
| An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. | ||||
| CVE-2022-36546 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-08-03 | 8.8 High |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | ||||
| CVE-2022-36312 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-08-03 | 8.8 High |
| Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2024-08-03 | 8.8 High |
| EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | ||||