CVE-2022-27375

Tenda AX12 V22.03.01.21CN was discovered to contain a Cross-Site Request Forgery CSRF via the function sub422168 at /goform/WifiExtraSet...

CVE-2022-27340

MCMS v5.2.7 contains a Cross-Site Request Forgery CSRF via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data...

CVE-2022-27214

A cross-site request forgery CSRF vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2022-27632

Cross-site request forgery CSRF vulnerability in RebooterWATCH BOOT nino RPC-M2C End of Sale all firmware versions, WATCH BOOT light RPC-M5C End of Sale all firmware versions, WATCH BOOT L-zero RPC-M4L End of Sale all firmware versions, WATCH BOOT mini RPC-M4H End of Sale all firmware versions,...

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2022-27469

Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery SSRF...

CVE-2019-7262

Linear eMerge E3-Series devices allow Cross-Site Request Forgery CSRF...

CVE-2019-7873

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule...

CVE-2019-7923

A server-side request forgery SSRF vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code...

CVE-2019-7851

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages...

CVE-2019-7911

A server-side request forgery SSRF vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin pan...

CVE-2019-7874

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles...

CVE-2019-7865

A cross-site request forgery CSRF vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration...

CVE-2019-7270

Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery CSRF...

CVE-2019-7953

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user...

CVE-2019-16107

Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...

CVE-2019-16560

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system...

CVE-2019-16551

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...

CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...