Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,362)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-41249 1Jenkins 1Scm Httpclient Jun 17, 2026 Sep 21, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained throug...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2022-41245 1Jenkins 1Worksoft Execution Manager Jun 17, 2026 Sep 21, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obta...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2022-41236 1Jenkins 1Security Inspector Jun 17, 2026 Sep 21, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authori...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options.Show less
CVE-2022-41232 1Jenkins 1Build Publisher Jun 17, 2026 Sep 21, 2022 N/A· v4 8.0 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.Show less
CVE-2022-41227 1Jenkins 1Ns Nd Integration Performance Publisher Jun 17, 2026 Sep 21, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified cr...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials.Show less
CVE-2022-23685 1Arubanetworks 1Clearpass Policy Manager Jun 17, 2026 Sep 20, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated atta...Show more A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can convince an authenticated user of the interface to interact with a specially crafted URL in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.Show less
CVE-2022-35196 1Testlink 1Testlink Jun 17, 2026 Sep 20, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
CVE-2022-1591 1Wordpress Ping Optimizer Project 1Wordpress Ping Optimizer Jun 17, 2026 Sep 19, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-3232 1Ikus Soft 1Rdiffweb Jun 17, 2026 Sep 17, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.
CVE-2022-29489 1Sucuri 1Security Jun 17, 2026 Sep 16, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.
CVE-2022-3221 1Ikus Soft 1Rdiffweb Jun 17, 2026 Sep 15, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.
CVE-2022-40623 1Wavlink 1Wn531g3 Firmware Jun 17, 2026 Sep 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated comman...Show more The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.Show less
CVE-2022-38329 1Shopxian 1Shopxian Cms Jun 17, 2026 Sep 13, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnera...Show more A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.Show less
CVE-2022-32555 1Unisys 1Data Exchange Management Studio Jun 17, 2026 Sep 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.
CVE-2022-38139 1Rdstation 1Rd Station Jun 17, 2026 Sep 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.
CVE-2022-38144 1Gvectors 1Wpforo Forum Jun 17, 2026 Sep 9, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
CVE-2022-38093 1Aioseo 1All In One Seo Jun 17, 2026 Sep 9, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.
CVE-2022-38059 1Access Code Feeder Project 1Access Code Feeder Jun 17, 2026 Sep 9, 2022 N/A· v4 8.0 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress.
CVE-2022-37411 1Captcha Code Project 1Captcha Code Jun 17, 2026 Sep 9, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.
CVE-2022-37405 1Better Font Awesome Project 1Better Font Awesome Jun 17, 2026 Sep 9, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.

Previous 1...274275276...469 Next