Export limit exceeded: 10142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10142 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22442 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
| There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | ||||
| CVE-2021-22276 | 1 Abb | 10 System Access Point 127v, System Access Point 127v Firmware, System Access Point 2.0 and 7 more | 2024-11-21 | 6.1 Medium |
| The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. | ||||
| CVE-2021-22224 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.1 High |
| A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim | ||||
| CVE-2021-22202 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.4 Low |
| An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | ||||
| CVE-2021-21823 | 1 Komoot | 1 Komoot | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information. | ||||
| CVE-2021-21745 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-11-21 | 4.3 Medium |
| ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. | ||||
| CVE-2021-21729 | 1 Zte | 4 Zxhn H108n, Zxhn H108n Firmware, Zxhn H168n and 1 more | 2024-11-21 | 6.5 Medium |
| Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 | ||||
| CVE-2021-21679 | 1 Jenkins | 1 Azure Ad | 2024-11-21 | 8.8 High |
| Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | ||||
| CVE-2021-21678 | 1 Jenkins | 1 Saml | 2024-11-21 | 8.8 High |
| Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | ||||
| CVE-2021-21675 | 1 Jenkins | 1 Requests | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | ||||
| CVE-2021-21665 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins. | ||||
| CVE-2021-21655 | 1 Jenkins | 1 P4 | 2024-11-21 | 7.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. | ||||
| CVE-2021-21652 | 1 Jenkins | 1 Xray - Test Management For Jira | 2024-11-21 | 7.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2021-21644 | 2 Jenkins, Redhat | 3 Config File Provider, Openshift, Rhmt | 2024-11-21 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. | ||||
| CVE-2021-21641 | 1 Jenkins | 1 Promoted Builds | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. | ||||
| CVE-2021-21638 | 1 Jenkins | 1 Team Foundation Server | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2021-21633 | 1 Jenkins | 1 Owasp Dependency-track | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | ||||
| CVE-2021-21629 | 1 Jenkins | 1 Build With Parameters | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. | ||||
| CVE-2021-21627 | 1 Jenkins | 1 Libvirt Agents | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | ||||
| CVE-2021-21620 | 1 Jenkins | 1 Claim | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. | ||||