• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2022-41925

February 23, 2023 by godfreyd94

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue.

CVE-2022-41927

February 23, 2023 by godfreyd94

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It’s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: “` #if (!$services.csrf.isTokenValid($request.get(‘form_token’))) #set ($discard = $response.sendError(401, “Wrong CSRF token”)) #end “`

CVE-2022-41805

February 23, 2023 by godfreyd94

Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.

CVE-2022-41685

February 23, 2023 by godfreyd94

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter’s Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress.

CVE-2022-41615

February 23, 2023 by godfreyd94

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.

CVE-2022-41620

February 23, 2023 by godfreyd94

Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 334
  • Go to page 335
  • Go to page 336
  • Go to page 337
  • Go to page 338
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE