Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2021-27758 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Inventory There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account. | 4.3 |
| 2022-05-05 | CVE-2022-1389 | Cross-Site Request Forgery (CSRF) vulnerability in F5 products On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | 4.3 |
| 2022-05-04 | CVE-2022-25778 | Cross-Site Request Forgery (CSRF) vulnerability in Secomea products Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. | 6.8 |
| 2022-05-03 | CVE-2022-0916 | Cross-Site Request Forgery (CSRF) vulnerability in Logitech Options An issue was discovered in Logitech Options. | 6.8 |
| 2022-05-02 | CVE-2022-0191 | Cross-Site Request Forgery (CSRF) vulnerability in Acnam AD Invalid Click Protector The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans | 4.3 |
| 2022-05-02 | CVE-2022-23904 | Cross-Site Request Forgery (CSRF) vulnerability in Rainworx Auctionworx Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. | 6.0 |
| 2022-04-29 | CVE-2022-29414 | Cross-Site Request Forgery (CSRF) vulnerability in Wpkube Subscribe to Comments Reloaded Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. | 5.8 |
| 2022-04-29 | CVE-2021-43937 | Cross-Site Request Forgery (CSRF) vulnerability in Smartptt Scada Server 1.4 Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 6.8 |
| 2022-04-29 | CVE-2022-29903 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. | 4.3 |
| 2022-04-29 | CVE-2022-29905 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | 4.3 |