Search Results (9912 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34937 1 Yuba 1 U5cms 2024-11-21 8.8 High
Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.
CVE-2022-34817 1 Jenkins 1 Failed Job Deactivator 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs.
CVE-2022-34815 1 Jenkins 1 Request Rename Or Delete 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs.
CVE-2022-34812 1 Jenkins 1 Xpath Configuration Viewer 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions.
CVE-2022-34797 1 Jenkins 1 Deployment Dashboard 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.
CVE-2022-34792 1 Jenkins 1 Recipe 2024-11-21 8.0 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
CVE-2022-34789 1 Jenkins 1 Matrix Reloaded 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.
CVE-2022-34780 1 Jenkins 1 Xebialabs Xl Release 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-34367 1 Dell 1 Emc Data Protection Central 2024-11-21 5.4 Medium
Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, and 19.6 contain a Cross-Site Request Forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to processing of unintended server operations.
CVE-2022-34211 1 Jenkins 1 Vrealize Orchestrator 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.
CVE-2022-34209 1 Jenkins 1 Threadfix 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-34207 1 Jenkins 1 Beaker Builder 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-34205 1 Jenkins 1 Jianliao Notification 2024-11-21 6.5 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.
CVE-2022-34203 1 Jenkins 1 Easyqa 2024-11-21 8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server.
CVE-2022-34200 1 Jenkins 1 Convertigo Mobile Platform 2024-11-21 8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-34161 1 Ibm 1 Cics Tx 2024-11-21 8.8 High
IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331.
CVE-2022-34158 1 Apache 1 Jspwiki 2024-11-21 8.8 High
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then to make a reset password request from the login page.
CVE-2022-33974 1 Smashballoon 1 Custom Twitter Feeds 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
CVE-2022-33711 1 Samsung 1 Android Usb Driver 2024-11-21 5.5 Medium
Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction.
CVE-2022-33121 1 1234n 1 Minicms 2024-11-21 8.1 High
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.