Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2021-36570 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.13 Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | 8.8 |
| 2023-02-03 | CVE-2022-47130 | Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | 4.3 |
| 2023-02-03 | CVE-2022-47132 | Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | 8.8 |
| 2023-02-02 | CVE-2023-25015 | Cross-Site Request Forgery (CSRF) vulnerability in Clockwork web Project Clockwork web Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 6.5 |
| 2023-02-01 | CVE-2023-23750 | Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla! An issue was discovered in Joomla! 4.0.0 through 4.2.6. | 6.3 |
| 2023-02-01 | CVE-2023-20856 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vrealize Operations VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. | 8.8 |
| 2023-01-26 | CVE-2023-24423 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gerrit Trigger A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. | 6.5 |
| 2023-01-26 | CVE-2023-24428 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bitbucket Oauth A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. | 5.7 |
| 2023-01-26 | CVE-2023-24432 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Orka BY Macstadium A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2023-01-26 | CVE-2023-24434 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Pull Request Builder A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |