CVE-2021-22026
The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...
CVE-2021-22701
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web...
CVE-2021-22512
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks...
CVE-2021-22500
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by an attacker to trick the users into executing actions of the attacker's choosing...
CVE-2021-22049
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...
CVE-2021-22724
A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22...
CVE-2021-22027
The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...
CVE-2016-10874
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF...
CVE-2016-10946
The wp-d3 plugin before 2.4.1 for WordPress has CSRF...
CVE-2016-10865
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS...
CVE-2016-10766
edx-platform before 2016-06-06 allows CSRF...
CVE-2016-2199
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via...
CVE-2025-23195
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...
CVE-2022-38931
A Server-Side Request Forgery (SSRF) in fetchnetfileupload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter...
CVE-2022-23888
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html...
CVE-2022-23349
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF)...
CVE-2022-23734
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacke...
CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23685
A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can...
CVE-2022-23384
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add...