Total
7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4090 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 4.3 Medium |
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331. | ||||
CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 6.5 Medium |
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF checks when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts). | ||||
CVE-2022-4014 | 1 Feehi | 1 Feehicms | 2024-11-21 | 4.3 Medium |
A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788. | ||||
CVE-2022-4013 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2024-11-21 | 4.3 Medium |
A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787. | ||||
CVE-2022-47559 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | 8.6 High |
Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity. | ||||
CVE-2022-47373 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 6.4 Medium |
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forget password functionality, in which the parameter username does not undergo proper input validation/sanitization, resulting in execution of a malicious JavaScript payload. | ||||
CVE-2022-47175 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions. | ||||
CVE-2022-47172 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions. | ||||
CVE-2022-47169 | 1 Staxwp | 1 Visibility Logic For Elementor | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions. | ||||
CVE-2022-47132 | 1 Creativeitem | 1 Academy Lms | 2024-11-21 | 8.8 High |
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | ||||
CVE-2022-46857 | 1 Sitealert | 1 Sitealert | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | ||||
CVE-2022-46841 | 1 Soflyy | 1 Oxygen | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. | ||||
CVE-2022-46688 | 1 Jenkins | 1 Sonar Gerrit | 2024-11-21 | 6.5 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | ||||
CVE-2022-46491 | 1 Nbnbk Project | 1 Nbnbk | 2024-11-21 | 6.5 Medium |
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts. | ||||
CVE-2022-46368 | 1 Maxum | 1 Rumpus | 2024-11-21 | 6.8 Medium |
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | ||||
CVE-2022-46367 | 1 Maxum | 1 Rumpus | 2024-11-21 | 6.8 Medium |
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | ||||
CVE-2022-46074 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2024-11-21 | 8.8 High |
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection. | ||||
CVE-2022-46062 | 1 Gym Management System Project | 1 Gym Management System | 2024-11-21 | 4.5 Medium |
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
CVE-2022-46059 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 6.5 Medium |
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
CVE-2022-45980 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | 8.8 High |
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet. |