Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-17 | CVE-2022-30958 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SSH. A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2022-05-17 | CVE-2022-30969 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter 1.0/1.1. A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. | 8.8 |
2022-05-17 | CVE-2022-30972 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Storage Configs. A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 8.8 |
2022-05-06 | CVE-2021-27758 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Inventory. There is a security vulnerability in the login form related to Cross-Site Request Forgery which prevents a user from logging in after an attacker spams login attempts and the system blocks the victim's account. | 6.5 |
2022-05-04 | CVE-2022-25778 | Cross-Site Request Forgery (CSRF) vulnerability in Secomea products. Cross-Site Request Forgery (CSRF) vulnerability in the Web UI of Secomea GateManager allows a phishing attacker to issue a GET request in a logged-in user's session. | 8.8 |
2022-05-03 | CVE-2022-0916 | Cross-Site Request Forgery (CSRF) vulnerability in Logitech Options. An issue was discovered in Logitech Options. | 8.8 |
2022-05-02 | CVE-2022-23904 | Cross-Site Request Forgery (CSRF) vulnerability in Rainworx Auctionworx 3.1. Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. | 8.0 |
2022-04-29 | CVE-2021-43937 | Cross-Site Request Forgery (CSRF) vulnerability in Smartptt Scada Server 1.4. Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 8.8 |
2022-04-29 | CVE-2022-29903 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki. The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. | 4.3 |
2022-04-29 | CVE-2022-29905 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki. The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. | 4.3 |