Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4849 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
|
|||||
| CVE-2022-4846 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
|
|||||
| CVE-2022-4845 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
|
|||||
| CVE-2022-4844 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
|
|||||
| CVE-2022-4766 | 1 Dolibarr Project Timesheet Project | 1 Dolibarr Project Timesheet | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address this issue. The name of the patch is 082282e9dab43963e6c8f03cfaddd7921de377f4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216880.
|
|||||
| CVE-2022-4646 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4.
|
|||||
| CVE-2022-4633 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the i ...
|
|||||
| CVE-2022-4621 | 1 Panasonic | 10 Vcc-hd2100p, Vcc-hd2100p Firmware, Vcc-hd3100p and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.
|
|||||
| CVE-2022-4604 | 1 Wp-english-wp-admin Project | 1 Wp-english-wp-admin | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vu ...
|
|||||
| CVE-2022-4564 | 1 Ucf | 1 Materia | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected ...
|
|||||
| CVE-2022-4397 | 1 Zend-blog-2 Project | 1 Zend-blog-2 | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4349 | 1 Pwn Project | 1 Pwn | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.
|
|||||
| CVE-2022-4125 | 1 Popup Manager Project | 1 Popup Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well.
|
|||||
| CVE-2022-4090 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331.
|
|||||
| CVE-2022-4021 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-11-21 | N/A | 8.8 HIGH |
|
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings, including permalinks and site maps, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2022-4014 | 1 Feehi | 1 Feehicms | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788.
|
|||||
| CVE-2022-4013 | 1 Hospital Management Center Project | 1 Hospital Management Center | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787.
|
|||||
| CVE-2022-48320 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages.
|
|||||
| CVE-2022-47612 | 1 Xnau | 1 Participants Database | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.
|
|||||
| CVE-2022-47611 | 1 Hover Image Project | 1 Hover Image | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions.
|
|||||
| CVE-2022-47609 | 1 Nicearma | 1 Dnui-delete-not-used-image | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions.
|
|||||
| CVE-2022-47559 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | N/A | 8.6 HIGH |
|
Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.
|
|||||
| CVE-2022-47448 | 1 Xiligroup | 1 Xili-tidy-tags | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - MS plugin <= 1.12.03 versions.
|
|||||
| CVE-2022-47447 | 1 Internet-formation | 1 Wp-advanced-search | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions.
|
|||||
| CVE-2022-47446 | 1 Viadat | 1 Store Locator For Wordpress With Google Maps | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions.
|
|||||
| CVE-2022-47440 | 1 My Tickets Project | 1 My Tickets | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions.
|
|||||
| CVE-2022-47427 | 1 My Calendar Project | 1 My Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.
|
|||||
| CVE-2022-47422 | 1 Hmplugin | 1 Accept Stripe Donation - Aidwp | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions.
|
|||||
| CVE-2022-47395 | 1 Sewio | 1 Real-time Location System Studio | 2024-11-21 | N/A | 8.1 HIGH |
|
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service condition.
|
|||||
| CVE-2022-47373 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forget password functionality, in which the username parameter does not undergo proper input validation/sanitization, which results in the execution of a malicious JavaScript payload.
|
|||||
| CVE-2022-47372 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 7.6 HIGH |
|
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.
|
|||||
| CVE-2022-47183 | 1 Stylist Project | 1 Stylist | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.
|
|||||
| CVE-2022-47180 | 1 Kopatheme | 1 Kopa Framework | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions.
|
|||||
| CVE-2022-47179 | 1 Ujsoftware | 1 Owm Weather | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.
|
|||||
| CVE-2022-47178 | 1 Simplesharebuttons | 1 Simple Share Buttons Adder | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions.
|
|||||
| CVE-2022-47177 | 1 Wpeasypay | 1 Wp Easypay | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions.
|
|||||
| CVE-2022-47175 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
|
|||||
| CVE-2022-47174 | 1 Wordpress | 1 Performance Lab | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.
|
|||||
| CVE-2022-47172 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons + Builder | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.
|
|||||
| CVE-2022-47169 | 1 Staxwp | 1 Visibility Logic For Elementor | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.
|
|||||