Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-04-25 | CVE-2022-40724 | Cross-Site Request Forgery (CSRF) vulnerability in Pingidentity Pingfederate | The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | network | low complexity | pingidentity | CWE-352 | 8.8 |
| 2023-04-25 | CVE-2023-26839 | Cross-Site Request Forgery (CSRF) vulnerability in Churchcrm 4.5.3 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site. | network | low complexity | churchcrm | CWE-352 | 4.3 |
| 2023-04-25 | CVE-2023-26840 | Cross-Site Request Forgery (CSRF) vulnerability in Churchcrm 4.5.3 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator. | network | high complexity | churchcrm | CWE-352 | 5.3 |
| 2023-04-25 | CVE-2023-26841 | Cross-Site Request Forgery (CSRF) vulnerability in Churchcrm 4.5.3 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in. | network | low complexity | churchcrm | CWE-352 | 6.5 |
| 2023-04-24 | CVE-2023-31061 | Cross-Site Request Forgery (CSRF) vulnerability in Repetier-Server | Repetier Server through 1.4.10 does not have CSRF protection. | network | low complexity | repetier-server | CWE-352 | 8.8 |
| 2023-04-21 | CVE-2023-29020 | Cross-Site Request Forgery (CSRF) vulnerability in Fastify Passport | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. | network | low complexity | fastify | CWE-352 | 6.5 |
| 2023-04-17 | CVE-2023-29213 | Cross-Site Request Forgery (CSRF) vulnerability in Xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | network | low complexity | xwiki | CWE-352 | 8.8 |
| 2023-04-15 | CVE-2018-17451 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. | network | low complexity | gitlab | CWE-352 | 8.8 |
| 2023-04-12 | CVE-2023-30525 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Report Portal | A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. | network | low complexity | jenkins | CWE-352 | 8.8 |
| 2023-04-12 | CVE-2023-30529 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Lucene-Search 370.V62A5F618Cd3A/387.V938Aecbf7Fe9 | Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. | network | low complexity | jenkins | CWE-352 | 4.3 |