Total
6289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29002 | 1 Xuxueli | 1 Xxl-job | 2024-08-03 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. | ||||
| CVE-2022-28921 | 1 Blogengine | 1 Blogengine.net | 2024-08-03 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. | ||||
| CVE-2022-28892 | 1 Mahara | 1 Mahara | 2024-08-03 | 8.8 High |
| Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. | ||||
| CVE-2022-28731 | 1 Apache | 1 Jspwiki | 2024-08-03 | 6.5 Medium |
| A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page. | ||||
| CVE-2022-28138 | 1 Jenkins | 1 Rocketchat Notifier | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential. | ||||
| CVE-2022-28109 | 1 Selenium | 1 Selenium Grid | 2024-08-03 | 8.8 High |
| Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine. | ||||
| CVE-2022-28143 | 1 Jenkins | 1 Proxmox | 2024-08-03 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | ||||
| CVE-2022-28150 | 1 Jenkins | 1 Job And Node Ownership | 2024-08-03 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. | ||||
| CVE-2022-28152 | 1 Jenkins | 1 Job And Node Ownership | 2024-08-03 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. | ||||
| CVE-2022-28108 | 1 Selenium | 1 Selenium Grid | 2024-08-03 | 8.8 High |
| Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. | ||||
| CVE-2022-27632 | 1 Meikyo | 30 Poe Boot Nino Poe8m2, Poe Boot Nino Poe8m2 Firmware, Pose Se10-8a7b1 and 27 more | 2024-08-03 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page. | ||||
| CVE-2022-27628 | 1 Wzone Project | 1 Wzone | 2024-08-03 | 4.7 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions. | ||||
| CVE-2022-27629 | 1 Videowhisper | 1 Micropayments | 2024-08-03 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors. | ||||
| CVE-2022-27488 | 1 Fortinet | 6 Fortiai, Fortimail, Fortindr and 3 more | 2024-08-03 | 7.5 High |
| A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests. | ||||
| CVE-2022-27432 | 1 Pluck-cms | 1 Pluck | 2024-08-03 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. | ||||
| CVE-2022-27375 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-08-03 | 6.5 Medium |
| Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. | ||||
| CVE-2022-27374 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-08-03 | 6.5 Medium |
| Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. | ||||
| CVE-2022-27340 | 1 Mingsoft | 1 Mcms | 2024-08-03 | 8.8 High |
| MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. | ||||
| CVE-2022-27204 | 1 Jenkins | 1 Extended Choice Parameter | 2024-08-03 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2022-27226 | 1 Irz | 10 Rl01, Rl01 Firmware, Rl21 and 7 more | 2024-08-03 | 8.8 High |
| A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. | ||||