Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29561 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < ...
Show More |
|||||
| CVE-2022-29555 | 1 Northern.tech | 1 Mender | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.
|
|||||
| CVE-2022-29495 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.
|
|||||
| CVE-2022-29468 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-29454 | 1 Wordplus | 1 Better Messages | 2024-11-21 | N/A | 3.1 LOW |
|
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.
|
|||||
| CVE-2022-29453 | 1 Ayecode | 1 Api Key For Google Maps | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update.
|
|||||
| CVE-2022-29451 | 1 Rarathemes | 1 Rara One Click Demo Import | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.
|
|||||
| CVE-2022-29450 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM |
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.
|
|||||
| CVE-2022-29441 | 1 Private Messages Project | 1 Private Messages | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages.
|
|||||
| CVE-2022-29439 | 1 Nextcode | 1 Image Slider By Nextcode | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides.
|
|||||
| CVE-2022-29437 | 1 Nextcode | 1 Image Slider By Nextcode | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM |
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress.
|
|||||
| CVE-2022-29436 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code).
|
|||||
| CVE-2022-29435 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets.
|
|||||
| CVE-2022-29431 | 1 Kubiq | 1 Cpt Base | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base.
|
|||||
| CVE-2022-29430 | 1 Png To Jpg Project | 1 Png To Jpg | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.
|
|||||
| CVE-2022-29429 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery.
|
|||||
| CVE-2022-29427 | 1 Disable Right Click For Wp Wordpress | 1 Disable Right Click For Wp | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress.
|
|||||
| CVE-2022-29414 | 1 Wpkube | 1 Subscribe To Comments Reloaded | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subsc ...
Show More |
|||||
| CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter.
|
|||||
| CVE-2022-29412 | 1 Hermit Project | 1 Hermit | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.
|
|||||
| CVE-2022-29050 | 1 Jenkins | 1 Publish Over Ftp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials.
|
|||||
| CVE-2022-29048 | 2 Apple, Jenkins | 2 Macos, Subversion | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
|
|||||
| CVE-2022-29002 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
|
|||||
| CVE-2022-28992 | 1 Phpgurukul | 1 Online Banquet Booking System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.
|
|||||
| CVE-2022-28921 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
|
|||||
| CVE-2022-28892 | 1 Mahara | 1 Mahara | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
|
|||||
| CVE-2022-28731 | 1 Apache | 1 Jspwiki | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
|
|||||
| CVE-2022-28152 | 1 Jenkins | 1 Job And Node Ownership | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
|
|||||
| CVE-2022-28150 | 1 Jenkins | 1 Job And Node Ownership | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
|
|||||
| CVE-2022-28143 | 1 Jenkins | 1 Proxmox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters.
|
|||||
| CVE-2022-28138 | 1 Jenkins | 1 Rocketchat Notifier | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential.
|
|||||
| CVE-2022-28136 | 1 Jenkins | 1 Jiratestresultreporter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
|
|||||
| CVE-2022-28109 | 1 Selenium | 1 Selenium Grid | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.
|
|||||
| CVE-2022-28108 | 1 Selenium | 1 Selenium Grid | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
|
|||||
| CVE-2022-27860 | 1 Footer-text Project | 1 Footer-text | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress.
|
|||||
| CVE-2022-27855 | 1 Fatcatapps | 1 Analytics Cat | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change.
|
|||||
| CVE-2022-27851 | 1 Dineshkarki | 1 Use Any Font | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key.
|
|||||
| CVE-2022-27850 | 1 Plugin-planet | 1 Simple Ajax Chat | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.
|
|||||
| CVE-2022-27847 | 1 Yooslider | 1 Yoo Slider | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates.
|
|||||
| CVE-2022-27846 | 1 Yooslider | 1 Yoo Slider | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider.
|
|||||