Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2022-05-06 | CVE-2021-27758 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Inventory | There is a security vulnerability in the login form related to Cross-Site Request Forgery that prevents a user from logging in after an attacker spams login attempts and the system blocks the victim's account. | network | hcltech | CWE-352 | 4.3 |
| 2022-05-05 | CVE-2022-1389 | Cross-Site Request Forgery (CSRF) vulnerability in F5 products | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | network | f5 | CWE-352 | 4.3 |
| 2022-05-04 | CVE-2022-25778 | Cross-Site Request Forgery (CSRF) vulnerability in Secomea products | Cross-Site Request Forgery (CSRF) vulnerability in the Web UI of Secomea GateManager allows a phishing attacker to issue a GET request in a logged-in user's session. | network | secomea | CWE-352 | 6.8 |
| 2022-05-03 | CVE-2022-0916 | Cross-Site Request Forgery (CSRF) vulnerability in Logitech Options | An issue was discovered in Logitech Options. | network | logitech | CWE-352 | 6.8 |
| 2022-05-02 | CVE-2022-0191 | Cross-Site Request Forgery (CSRF) vulnerability in Acnam AD Invalid Click Protector | The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans. | network | acnam | CWE-352 | 4.3 |
| 2022-05-02 | CVE-2022-23904 | Cross-Site Request Forgery (CSRF) vulnerability in Rainworx Auctionworx | Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. | network | rainworx | CWE-352 | 6.0 |
| 2022-04-29 | CVE-2022-29414 | Cross-Site Request Forgery (CSRF) vulnerability in Wpkube Subscribe to Comments Reloaded | Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allow attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. | network | wpkube | CWE-352 | 5.8 |
| 2022-04-29 | CVE-2021-43937 | Cross-Site Request Forgery (CSRF) vulnerability in Smartptt Scada Server 1.4 | Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | network | smartptt | CWE-352 | 6.8 |
| 2022-04-29 | CVE-2022-29903 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki | The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. | network | mediawiki | CWE-352 | 4.3 |
| 2022-04-29 | CVE-2022-29905 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki | The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | network | mediawiki | CWE-352 | 4.3 |