Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-21 | CVE-2021-40662 | Cross-Site Request Forgery (CSRF) vulnerability in Chamilo 1.11.14 | A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. | 8.8 |
2022-03-21 | CVE-2022-23349 | Cross-Site Request Forgery (CSRF) vulnerability in Bigantsoft Bigant Server 5.6.06 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). | 8.8 |
2022-03-21 | CVE-2021-24905 | Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Advanced CF7 DB | The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. | 8.0 |
2022-03-21 | CVE-2022-0515 | Cross-Site Request Forgery (CSRF) vulnerability in Craterapp Crater | Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. | 4.3 |
2022-03-21 | CVE-2022-0681 | Cross-Site Request Forgery (CSRF) vulnerability in Simple-Membership-Plugin Simple Membership | The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack | 6.5 |
2022-03-21 | CVE-2022-24235 | Cross-Site Request Forgery (CSRF) vulnerability in Snapt Aria 12.8 | A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | 8.8 |
2022-03-19 | CVE-2022-27226 | Cross-Site Request Forgery (CSRF) vulnerability in IRZ products | A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. | 8.8 |
2022-03-15 | CVE-2022-27198 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cloudbees AWS Credentials | A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | 8.0 |
2022-03-15 | CVE-2022-27204 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Extended Choice Parameter 346.Vd87693C5A86C | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | 8.8 |
2022-03-15 | CVE-2022-27210 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy | A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |