• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2022-30014

February 23, 2023 by godfreyd94

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account.

CVE-2022-2986

February 23, 2023 by godfreyd94

Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.

CVE-2022-2987

February 23, 2023 by godfreyd94

The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it’s settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication

CVE-2022-29903

February 23, 2023 by godfreyd94

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension’s configuration. The attacker must trigger a POST request to Special:PrivateDomains.

CVE-2022-29905

February 23, 2023 by godfreyd94

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.

CVE-2022-29735

February 23, 2023 by godfreyd94

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 369
  • Go to page 370
  • Go to page 371
  • Go to page 372
  • Go to page 373
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE