Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28143 | 1 Jenkins | 1 Proxmox | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters. | ||||
| CVE-2022-28138 | 1 Jenkins | 1 Rocketchat Notifier | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential. | ||||
| CVE-2022-28136 | 1 Jenkins | 1 Jiratestresultreporter | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-28109 | 1 Selenium | 1 Selenium Grid | 2024-11-21 | 8.8 High |
| Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine. | ||||
| CVE-2022-28108 | 1 Selenium | 1 Selenium Grid | 2024-11-21 | 8.8 High |
| Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. | ||||
| CVE-2022-27632 | 1 Meikyo | 30 Poe Boot Nino Poe8m2, Poe Boot Nino Poe8m2 Firmware, Pose Se10-8a7b1 and 27 more | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page. | ||||
| CVE-2022-27629 | 1 Videowhisper | 1 Micropayments | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors. | ||||
| CVE-2022-27488 | 1 Fortinet | 6 Fortiai, Fortimail, Fortindr and 3 more | 2024-11-21 | 7.5 High |
| A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests. | ||||
| CVE-2022-27432 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. | ||||
| CVE-2022-27375 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | 6.5 Medium |
| Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. | ||||
| CVE-2022-27374 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | 6.5 Medium |
| Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. | ||||
| CVE-2022-27340 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 8.8 High |
| MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. | ||||
| CVE-2022-27226 | 1 Irz | 10 Rl01, Rl01 Firmware, Rl21 and 7 more | 2024-11-21 | 8.8 High |
| A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. | ||||
| CVE-2022-27214 | 1 Jenkins | 1 Release Helper | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-27210 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-27204 | 1 Jenkins | 1 Extended Choice Parameter | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2022-27198 | 1 Jenkins | 1 Cloudbees Aws Credentials | 2024-11-21 | 8.0 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | ||||
| CVE-2022-27174 | 1 Easy Blog Project | 1 Easy Blog | 2024-11-21 | 4.3 Medium |
| Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page. | ||||
| CVE-2022-26589 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. | ||||
| CVE-2022-26588 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. | ||||