ReportizFlow
Filtered by vendor
Subscriptions
Total
8337 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26309 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.7 Low |
| Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. | ||||
| CVE-2022-26180 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 8.8 High |
| qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. | ||||
| CVE-2022-26173 | 1 Jforum | 1 Jforum | 2024-11-21 | 8.8 High |
| JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | ||||
| CVE-2022-25778 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 4.2 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. | ||||
| CVE-2022-25754 | 1 Siemens | 48 Scalance X302-7eec, Scalance X302-7eec Firmware, Scalance X304-2fe and 45 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. | ||||
| CVE-2022-25576 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 4.5 Medium |
| Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. | ||||
| CVE-2022-25523 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 8.8 High |
| TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | ||||
| CVE-2022-25268 | 1 Passwork | 1 Passwork | 2024-11-21 | 8.8 High |
| Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. | ||||
| CVE-2022-25242 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 8.8 High |
| In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF). | ||||
| CVE-2022-25241 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 8.8 High |
| In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF). | ||||
| CVE-2022-25212 | 1 Jenkins | 1 Swamp | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | ||||
| CVE-2022-25207 | 1 Jenkins | 1 Chef Sinatra | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | ||||
| CVE-2022-25205 | 1 Jenkins | 1 Dbcharts | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | ||||
| CVE-2022-25200 | 1 Jenkins | 1 Checkmarx | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-25198 | 1 Jenkins | 1 Scp Publisher | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | ||||
| CVE-2022-25194 | 1 Jenkins | 1 Autonomiq | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials. | ||||
| CVE-2022-25192 | 1 Jenkins | 1 Snow Commander | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-24947 | 1 Apache | 1 Jspwiki | 2024-11-21 | 8.8 High |
| Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. | ||||
| CVE-2022-24342 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 8.8 High |
| In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. | ||||
| CVE-2022-24235 | 1 Snapt | 1 Aria | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | ||||