Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2022-10-20 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | |||||
| CVE-2022-3151 | 1 Wp Custom Cursors Project | 1 Wp Custom Cursors | 2022-10-20 | N/A | 4.3 MEDIUM |
| The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack. | |||||
| CVE-2022-23771 | 1 Iptime | 6 Nas1dual, Nas1dual Firmware, Nas2dual and 3 more | 2022-10-19 | N/A | 8.8 HIGH |
| This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges. | |||||
| CVE-2022-42070 | 1 Online Birth Certificate Management System Project | 1 Online Birth Certificate Management System | 2022-10-17 | N/A | 8.8 HIGH |
| Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
| CVE-2022-42077 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2022-10-14 | N/A | 6.5 MEDIUM |
| Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
| CVE-2022-42078 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2022-10-14 | N/A | 6.5 MEDIUM |
| Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | |||||
| CVE-2022-42086 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2022-10-14 | N/A | 6.5 MEDIUM |
| Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | |||||
| CVE-2022-42087 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2022-10-14 | N/A | 6.5 MEDIUM |
| Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | |||||
| CVE-2022-35611 | 1 Bevywise | 1 Mqttroute | 2022-10-14 | N/A | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. | |||||
| CVE-2022-41489 | 1 Wayos | 12 Lq-04, Lq-04 Firmware, Lq-05 and 9 more | 2022-10-14 | N/A | 8.1 HIGH |
| WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm. | |||||
| CVE-2022-41474 | 1 Rpcms | 1 Rpcms | 2022-10-14 | N/A | 6.5 MEDIUM |
| RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. | |||||
| CVE-2022-41475 | 1 Rpcms | 1 Rpcms | 2022-10-14 | N/A | 8.8 HIGH |
| RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. | |||||
| CVE-2019-8991 | 1 Tibco | 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1. | |||||
| CVE-2019-5924 | 1 Rednao | 1 Smart Forms | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page. | |||||
| CVE-2019-6166 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. | |||||
| CVE-2019-7654 | 1 Wowza | 1 Streaming Engine | 2022-10-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
| CVE-2019-7262 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2019-7270 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2019-7273 | 1 Optergy | 2 Enterprise, Proton | 2022-10-13 | 6.8 MEDIUM | 8.8 HIGH |
| Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2022-3154 | 3 Integration For Billingo \& Gravity Forms Project, Integration For Szamlazz.hu \& Gravity Forms Project, Woo Billingo Plus Project | 3 Integration For Billingo \& Gravity Forms, Integration For Szamlazz.hu \& Gravity Forms, Woo Billingo Plus | 2022-10-13 | N/A | 7.1 HIGH |
| The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license | |||||