Export limit exceeded: 361519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9373 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32989 | 1 Jenkins | 1 Azure Vm Agents | 2025-01-23 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method. | ||||
| CVE-2023-32995 | 1 Jenkins | 1 Saml Single Sign On | 2025-01-23 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | ||||
| CVE-2023-33006 | 1 Jenkins | 1 Wso2 Oauth | 2025-01-23 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. | ||||
| CVE-2023-33003 | 1 Jenkins | 1 Tag Profiler | 2025-01-23 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. | ||||
| CVE-2023-32998 | 1 Jenkins | 1 Appspider | 2025-01-23 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | ||||
| CVE-2023-32987 | 1 Jenkins | 1 Reverse Proxy Auth | 2025-01-23 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | ||||
| CVE-2023-32980 | 2 Jenkins, Redhat | 2 Email Extension, Openshift | 2025-01-23 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. | ||||
| CVE-2023-32978 | 1 Jenkins | 1 Lightweight Directory Access Protocol | 2025-01-23 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. | ||||
| CVE-2024-31985 | 1 Xwiki | 1 Xwiki | 2025-01-23 | 5.4 Medium |
| XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page. | ||||
| CVE-2024-43301 | 1 Fontsplugin | 1 Fonts | 2025-01-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7. | ||||
| CVE-2023-2195 | 1 Jenkins | 1 Code Dx | 2025-01-22 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2023-2631 | 1 Jenkins | 1 Code Dx | 2025-01-22 | 4.3 Medium |
| A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2024-2560 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-22 | 4.3 Medium |
| A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-31708 | 1 Eyoucms | 1 Eyoucms | 2025-01-21 | 4.3 Medium |
| A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. | ||||
| CVE-2024-0203 | 1 Unitedover | 1 Digits | 2025-01-21 | 8.8 High |
| The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-4429 | 1 Microfocus | 1 Imanager | 2025-01-21 | 5.4 Medium |
| Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure. | ||||
| CVE-2024-31986 | 1 Xwiki | 1 Xwiki | 2025-01-21 | 9.1 Critical |
| XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page. | ||||
| CVE-2024-37306 | 1 Cvat | 2 Computer Vision Annotation Tool, Cvat | 2025-01-21 | 7.1 High |
| Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a project, task or job that the victim user has permission to export into a cloud storage that the victim user has access to. The name of the resulting file can be chosen by the attacker. This implies that the attacker can overwrite arbitrary files in any cloud storage that the victim can access and, if the attacker has read access to the cloud storage used in the attack, they can obtain media files, annotations, settings and other information from any projects, tasks or jobs that the victim has permission to export. Version 2.14.3 contains a fix for the issue. No known workarounds are available. | ||||
| CVE-2023-27387 | 2 Especmic, Tandd | 20 Rs-12n, Rs-12n Firmware, Rt-12n and 17 more | 2025-01-17 | 8.8 High |
| Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | ||||
| CVE-2022-4621 | 1 Panasonic | 10 Vcc-hd2100p, Vcc-hd2100p Firmware, Vcc-hd3100p and 7 more | 2025-01-16 | 7.5 High |
| Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges. | ||||