Total: 6289 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-30930 | 1 Phpgurukul | 1 Tourism Management System | 2024-08-03 | 4.3 Medium |
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). | ||||
CVE-2022-30898 | 1 Chshcms | 1 Cscms | 2024-08-03 | 6.5 Medium |
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. | ||||
CVE-2022-30931 | 1 Employee Leaves Management System Project | 1 Employee Leaves Management System | 2024-08-03 | 6.5 Medium |
Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. | ||||
CVE-2022-30946 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-03 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. | ||||
CVE-2022-30705 | 1 Wordpress Ping Optimizer Project | 1 Wordpress Ping Optimizer | 2024-08-03 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions. | ||||
CVE-2022-30694 | 1 Siemens | 223 6ag1151-8ab01-7ab0, 6ag1151-8ab01-7ab0 Firmware, 6ag1151-8fb01-2ab0 and 220 more | 2024-08-03 | 6.5 Medium |
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | ||||
CVE-2022-30608 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-08-03 | 8.8 High |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 227295. | ||||
CVE-2022-30544 | 1 Hyumika | 1 Openstreetmap | 2024-08-03 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions. | ||||
CVE-2022-30328 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-08-03 | 6.5 Medium |
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. | ||||
CVE-2022-30327 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2024-08-03 | 6.5 Medium |
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. | ||||
CVE-2022-30014 | 1 Simple Food Website Project | 1 Simple Food Website | 2024-08-03 | 8.8 High |
Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to take over an admin/moderator account. | ||||
CVE-2022-29903 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 4.3 Medium |
The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains. | ||||
CVE-2022-29905 | 1 Mediawiki | 1 Mediawiki | 2024-08-03 | 4.3 Medium |
The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | ||||
CVE-2022-29735 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2024-08-03 | 8.8 High |
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. | ||||
CVE-2022-29647 | 1 Mingsoft | 1 Mcms | 2024-08-03 | 8.8 High |
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | ||||
CVE-2022-29555 | 1 Northern.tech | 1 Mender | 2024-08-03 | 8.8 High |
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking. | ||||
CVE-2022-29557 | 1 Relx | 1 Firco Compliance Link | 2024-08-03 | 8.8 High |
LexisNexis Firco Compliance Link 3.7 allows CSRF. | ||||
CVE-2022-29050 | 1 Jenkins | 1 Publish Over Ftp | 2024-08-03 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. | ||||
CVE-2022-28992 | 1 Phpgurukul | 1 Online Banquet Booking System | 2024-08-03 | 8.8 High |
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. | ||||
CVE-2022-29048 | 2 Apple, Jenkins | 2 Macos, Subversion | 2024-08-03 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. |