Total
8508 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35273 | 1 Egavilanmedia | 1 User Registration \& Login System With Admin Panel | 2024-11-21 | 8.0 High |
| EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account. | ||||
| CVE-2020-35269 | 1 Nagios | 1 Nagios Core | 2024-11-21 | 8.8 High |
| Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers. | ||||
| CVE-2020-35223 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 8.8 High |
| The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | ||||
| CVE-2020-35217 | 1 Eclipse | 1 Vert.x-web | 2024-11-21 | 8.8 High |
| Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack. | ||||
| CVE-2020-35135 | 1 Infolific | 1 Ultimate Category Excluder | 2024-11-21 | 8.8 High |
| The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. | ||||
| CVE-2020-2321 | 1 Jenkins | 1 Shelve Project | 2024-11-21 | 8.1 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | ||||
| CVE-2020-2303 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. | ||||
| CVE-2020-2296 | 1 Jenkins | 1 Shared Objects | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects. | ||||
| CVE-2020-2295 | 1 Barchart | 1 Maven Cascade Release | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin. | ||||
| CVE-2020-2281 | 1 Jenkins | 1 Lockable Resources | 2024-11-21 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. | ||||
| CVE-2020-2280 | 1 Jenkins | 1 Warnings | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | ||||
| CVE-2020-2273 | 1 Jenkins | 1 Elastest | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2020-2268 | 1 Jenkins | 1 Mongodb | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2241 | 1 Jenkins | 1 Database | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | ||||
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | ||||
| CVE-2020-2237 | 1 Jenkins | 1 Flaky Test Handler | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | ||||
| CVE-2020-2235 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | ||||
| CVE-2020-2215 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password. | ||||
| CVE-2020-2203 | 1 Jenkins | 1 Fortify On Demand | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | ||||
| CVE-2020-2196 | 1 Jenkins | 1 Selenium | 2024-11-21 | 8.0 High |
| Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | ||||