Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-29735 Cross-Site Request Forgery (CSRF) vulnerability in Deltacontrols Entelitouch Firmware 3.33.4005/3.40.3706/3.40.3935
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.
Attack vector: network | Attack complexity: low | Vendor: deltacontrols | CWE-352 | Risk: 8.8
2022-05-31 CVE-2022-22361 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3, 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Attack vector: network | Attack complexity: low | Vendor: ibm | CWE-352 | Risk: 6.5
2022-05-26 CVE-2021-34360 Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server.
Attack vector: network | Attack complexity: low | Vendor: qnap | CWE-352 | Risk: 8.8
2022-05-23 CVE-2022-29002 Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.0
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
Attack vector: network | Attack complexity: low | Vendor: xuxueli | CWE-352 | Risk: 8.8
2022-05-23 CVE-2022-30014 Cross-Site Request Forgery (CSRF) vulnerability in Simple Food Website Project Simple Food Website 1.0
Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross-Site Request Forgery (CSRF), which allows anyone to take over an admin/moderator account.
Attack vector: network | Attack complexity: low | Vendor: simple-food-website-project | CWE-352 | Risk: 8.8
2022-05-20 CVE-2022-29431 Cross-Site Request Forgery (CSRF) vulnerability in Kubiq CPT Base
Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base.
Attack vector: network | Attack complexity: low | Vendor: kubiq | CWE-352 | Risk: 5.4
2022-05-20 CVE-2022-28992 Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Online Banquet Booking System 1.0
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.
Attack vector: network | Attack complexity: low | Vendor: phpgurukul | CWE-352 | Risk: 8.8
2022-05-18 CVE-2022-28921 Cross-Site Request Forgery (CSRF) vulnerability in Blogengine Blogengine.Net 3.3.8.0
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
Attack vector: network | Attack complexity: low | Vendor: blogengine | CWE-352 | Risk: 6.5
2022-05-18 CVE-2022-22778 Cross-Site Request Forgery (CSRF) vulnerability in Tibco Businessconnect Trading Community Management 6.1.0
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system.
Attack vector: network | Attack complexity: low | Vendor: tibco | CWE-352 | Risk: 8.8
2022-05-18 CVE-2022-27632 Cross-Site Request Forgery (CSRF) vulnerability in Meikyo products
Cross-site request forgery (CSRF) vulnerability in Rebooter (WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter (PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler (TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter (POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user view a specially crafted page.
Attack vector: network | Attack complexity: low | Vendor: meikyo | CWE-352 | Risk: 8.8