Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-12 | CVE-2022-20613 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 4.3 |
2022-01-12 | CVE-2022-20619 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source: A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |
2022-01-12 | CVE-2022-23111 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Publish Over SSH: A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | 4.3 |
2022-01-12 | CVE-2022-23115 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Batch Task: Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task. | 5.4 |
2022-01-11 | CVE-2021-37198 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens COMOS: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). | 8.8 |
2022-01-10 | CVE-2021-25051 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window: The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows include() of an arbitrary file with a PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | 8.8 |
2022-01-10 | CVE-2021-46147 | Cross-Site Request Forgery (CSRF) vulnerability in MediaWiki: An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 8.8 |
2022-01-10 | CVE-2021-34086 | Cross-Site Request Forgery (CSRF) vulnerability in Ultimaker products: In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. | 8.8 |
2021-12-30 | CVE-2021-20165 | Cross-Site Request Forgery (CSRF) vulnerability in Trendnet TEW-827DRU Firmware 2.08B01: Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement CSRF protections. | 8.8 |
2021-12-30 | CVE-2020-29292 | Cross-Site Request Forgery (CSRF) vulnerability in iBall WRD12EN Firmware 1.0.0: iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. | 6.5 |