Search Results (10182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3582 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. | ||||
| CVE-2022-3232 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. | ||||
| CVE-2022-3221 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. | ||||
| CVE-2022-3208 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | 6.5 Medium |
| The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged-in admin create a new page and change its content via a CSRF attack. | ||||
| CVE-2022-3154 | 3 Integration For Billingo & Gravity Forms Project, Integration For Szamlazz.hu & Gravity Forms Project, Woo Billingo Plus Project | 3 Integration For Billingo & Gravity Forms, Integration For Szamlazz.hu & Gravity Forms, Woo Billingo Plus | 2024-11-21 | 7.1 High |
| The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged-in Shop Managers and above perform unwanted actions, such as deactivating the plugin's license. | ||||
| CVE-2022-3017 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. | ||||
| CVE-2022-39845 | 1 Samsung | 1 Kies | 2024-11-21 | 5.5 Medium |
| Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction. | ||||
| CVE-2022-39844 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | 5.5 Medium |
| Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction. | ||||
| CVE-2022-38359 | 1 Eyeofnetwork | 1 Eyes Of Network Web | 2024-11-21 | 8.8 High |
| Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link. | ||||
| CVE-2022-38075 | 1 Webartesanal | 1 Mantenimiento Web | 2024-11-21 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. | ||||
| CVE-2022-38062 | 1 Metagauss | 1 Download Theme | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions. | ||||
| CVE-2022-37730 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 8.8 High |
| In ftcms 2.1, there is a Cross-Site Request Forgery (CSRF) vulnerability in the PHP page: an attacker can forge a link and trick the victim into clicking it or visiting a page containing attack code, which sends a request to the server (carrying the victim's authentication information) as the victim without the victim's knowledge. | ||||
| CVE-2022-37043 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 5.7 Medium |
| An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds. | ||||
| CVE-2022-36968 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-11-21 | 4.3 Medium |
| In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | ||||
| CVE-2022-36920 | 1 Jenkins | 1 Coverity | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-36916 | 1 Jenkins | 1 Google Cloud Backup | 2024-11-21 | 8.0 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | ||||
| CVE-2022-36911 | 1 Jenkins | 1 Openstack Heat | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2022-36908 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an attacker-specified URL. | ||||
| CVE-2022-36906 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | ||||
| CVE-2022-36887 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | ||||