Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36887 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | ||||
| CVE-2022-36886 | 1 Jenkins | 1 External Monitor Job Type | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. | ||||
| CVE-2022-36882 | 2 Jenkins, Redhat | 2 Git, Openshift | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | ||||
| CVE-2022-36579 | 1 Wellcms | 1 Wellcms | 2024-11-21 | 8.8 High |
| Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
| CVE-2022-36577 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 8.8 High |
| An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. | ||||
| CVE-2022-36546 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | 8.8 High |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | ||||
| CVE-2022-36345 | 1 Metagauss | 1 Download Plugin | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download PluginĀ <= 2.0.4 versions. | ||||
| CVE-2022-36312 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 8.8 High |
| Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-36225 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.8 High |
| EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | ||||
| CVE-2022-36224 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | 8.8 High |
| XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
| CVE-2022-36095 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 4.3 Medium |
| XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there. | ||||
| CVE-2022-36076 | 1 Nodebb | 1 Nodebb | 2024-11-21 | 8.8 High |
| NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. | ||||
| CVE-2022-35943 | 1 Codeigniter | 2 Codeigniter, Shield | 2024-11-21 | 5.9 Medium |
| Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\Security::$csrfProtection` to `'session,'`remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match) | ||||
| CVE-2022-35656 | 1 Pega | 1 Pega Platform | 2024-11-21 | 4.5 Medium |
| Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. | ||||
| CVE-2022-35613 | 1 Konker | 1 Konker Platform | 2024-11-21 | 8.8 High |
| Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF). | ||||
| CVE-2022-35611 | 1 Bevywise | 1 Mqttroute | 2024-11-21 | 4.3 Medium |
| A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. | ||||
| CVE-2022-35286 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814. | ||||
| CVE-2022-35285 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812. | ||||
| CVE-2022-35228 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 8.8 High |
| SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. | ||||
| CVE-2022-35196 | 1 Testlink | 1 Testlink | 2024-11-21 | 8.8 High |
| TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. | ||||