55977 matches found
CVE-2022-23349
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery CSRF...
CVE-2022-23734
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery SSRF that would let an attacke...
CVE-2022-23111
A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23685
A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery CSRF protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can...
CVE-2022-23384
YzmCMS v6.3 is affected by Cross Site Request Forgery CSRF in /admin.add...
CVE-2022-23052
PeteReport Version 0.5 contains a Cross Site Request Forgery CSRF vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application...
CVE-2022-23887
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /admin/adminmanage/delete...
CVE-2022-42894
A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. An unauthenticated Server-Side Request Forgery SSRF vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as loca...
CVE-2022-42077
Tenda AC1206 USAC1206V1.0RTLV15.03.06.23multiTD01 is vulnerable to Cross Site Request Forgery CSRF via function fromSysToolReboot...
CVE-2022-42086
Tenda AX1803 USAX1803v2.0brv1.0.0.12994CNZGYD014 is vulnerable to Cross Site Request Forgery CSRF via function TendaAteMode...
CVE-2022-42149
kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...
CVE-2022-37719
A Cross-Site Request Forgery CSRF in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors...
CVE-2022-37783
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...
CVE-2022-31386
A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...
CVE-2022-31827
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery SSRF via the function performFetchRequest at HTTPFetcher.php...
CVE-2022-31830
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery SSRF via the init function at ImageCapture.class.php...
CVE-2022-31393
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via the Index function in app/admin/c/PluginsController.php...
CVE-2022-31000
solidusbackend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery CSRF vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the...
CVE-2022-0085
Server-Side Request Forgery SSRF in GitHub repository dompdf/dompdf prior to 2.0.0...
CVE-2022-26588
A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...