Total
8573 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26180 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 8.8 High |
| qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. | ||||
| CVE-2022-26173 | 1 Jforum | 1 Jforum | 2024-11-21 | 8.8 High |
| JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | ||||
| CVE-2022-25778 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 4.2 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. | ||||
| CVE-2022-25754 | 1 Siemens | 48 Scalance X302-7eec, Scalance X302-7eec Firmware, Scalance X304-2fe and 45 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. | ||||
| CVE-2022-25576 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 4.5 Medium |
| Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. | ||||
| CVE-2022-25523 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 8.8 High |
| TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | ||||
| CVE-2022-25268 | 1 Passwork | 1 Passwork | 2024-11-21 | 8.8 High |
| Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. | ||||
| CVE-2022-25242 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 8.8 High |
| In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF). | ||||
| CVE-2022-25241 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 8.8 High |
| In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF). | ||||
| CVE-2022-25212 | 1 Jenkins | 1 Swamp | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | ||||
| CVE-2022-25207 | 1 Jenkins | 1 Chef Sinatra | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | ||||
| CVE-2022-25205 | 1 Jenkins | 1 Dbcharts | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | ||||
| CVE-2022-25200 | 1 Jenkins | 1 Checkmarx | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-25198 | 1 Jenkins | 1 Scp Publisher | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | ||||
| CVE-2022-25194 | 1 Jenkins | 1 Autonomiq | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. | ||||
| CVE-2022-25192 | 1 Jenkins | 1 Snow Commander | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-24947 | 1 Apache | 1 Jspwiki | 2024-11-21 | 8.8 High |
| Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. | ||||
| CVE-2022-24342 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 8.8 High |
| In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. | ||||
| CVE-2022-24235 | 1 Snapt | 1 Aria | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-23904 | 1 Rainworx | 1 Auctionworx | 2024-11-21 | 8.0 High |
| Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition. | ||||