Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-26 | CVE-2021-34360 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. | 8.8 |
| 2022-05-23 | CVE-2022-29002 | Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.0 A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. | 8.8 |
| 2022-05-23 | CVE-2022-30014 | Cross-Site Request Forgery (CSRF) vulnerability in Simple Food Website Project Simple Food Website 1.0 Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. | 8.8 |
| 2022-05-20 | CVE-2022-29431 | Cross-Site Request Forgery (CSRF) vulnerability in Kubiq CPT Base Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. | 5.4 |
| 2022-05-20 | CVE-2022-28992 | Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Online Banquet Booking System 1.0 A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. | 8.8 |
| 2022-05-18 | CVE-2022-28921 | Cross-Site Request Forgery (CSRF) vulnerability in Blogengine Blogengine.Net 3.3.8.0 A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. | 6.5 |
| 2022-05-18 | CVE-2022-22778 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Businessconnect Trading Community Management 6.1.0 The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. | 8.8 |
| 2022-05-18 | CVE-2022-27632 | Cross-Site Request Forgery (CSRF) vulnerability in Meikyo products Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page. | 8.8 |
| 2022-05-17 | CVE-2022-30946 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Script Security A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. | 4.3 |
| 2022-05-17 | CVE-2022-30953 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Blue Ocean A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | 6.5 |