Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-46869

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-16 Jun, 2026 | 19:27
Updated At-17 Jun, 2026 | 15:02
Rejected At-
Credits

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Dump and Load). Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:16 Jun, 2026 | 19:27
Updated At:17 Jun, 2026 | 15:02
Rejected At:
â–¼CVE Numbering Authority (CNA)

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Dump and Load). Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
MySQL Shell
Versions
Affected
  • From 8.4.0 through 8.4.9 (custom)
  • From 9.0.0 through 9.7.0 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AEasily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data.
Type: N/A
CWE ID: N/A
Description: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data.
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cspujun2026.html
vendor-advisory
Hyperlink: https://www.oracle.com/security-alerts/cspujun2026.html
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:17 Jun, 2026 | 10:54
Updated At:18 Jun, 2026 | 22:57

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Dump and Load). Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches
Oracle Corporation
oracle
>>mysql_shell>>Versions from 8.4.0(inclusive) to 8.4.9(inclusive)
cpe:2.3:a:oracle:mysql_shell:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql_shell>>Versions from 9.0.0(inclusive) to 9.7.0(inclusive)
cpe:2.3:a:oracle:mysql_shell:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-352
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.oracle.com/security-alerts/cspujun2026.htmlsecalert_us@oracle.com
Vendor Advisory
Hyperlink: https://www.oracle.com/security-alerts/cspujun2026.html
Source: secalert_us@oracle.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

115Records found
CVE-2023-45857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 41.99%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 00:00
Updated-04 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Action-Not Available
Vendor-axiosn/a
Product-axiosn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23411
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.1||MEDIUM
EPSS-0.56% / 42.11%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 21:33
Updated-04 Mar, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO Manager Cross-Site Request Forgery

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website.

Action-Not Available
Vendor-myscadamySCADA
Product-mypromyPRO Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.47%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 00:00
Updated-04 Sep, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.

Action-Not Available
Vendor-nasan/a
Product-openmctn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35148
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 35.88%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 12:53
Updated-31 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-digital.ai_app_management_publisherJenkins Digital.ai App Management Publisher Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-3609
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 67.00%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 02:03
Updated-06 Aug, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

Action-Not Available
Vendor-JBoss Application ServerRed Hat, Inc.
Product-jboss_application_serverJBoss Application Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28361
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.47%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-27 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.

Action-Not Available
Vendor-unin/a
Product-ubiquiti_networks_unifi_dream_machine_professionalunifi_dream_routerunifi_protect_network_video_recorder_professionalcloud_key_gen2_plusunifi_osubiquiti_networks_unifi_dream_machine_seunifi_protect_network_video_recordercloud_key_gen2ubiquiti_networks_unifi_dream_machineUniFi OS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13606
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 3.14%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 04:37
Updated-08 Apr, 2026 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the `parseData` function. This makes it possible for unauthenticated attackers to export sensitive information including user data, email addresses, password hashes, and WooCommerce data to an attacker-controlled file path on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-smackcoders
Product-Export All Posts, Products, Orders, Refunds & Users
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-28023
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 3.91%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 19:07
Updated-21 Oct, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). 

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_webuiHCL BigFix WebUI Software Distribution
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1965
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.43% / 34.32%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 00:00
Updated-29 Jan, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1623
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 26.95%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 18:31
Updated-04 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF

The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.

Action-Not Available
Vendor-webdevstudiosUnknown
Product-custom_post_type_uiCustom Post Type UI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4107
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 29.85%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 13:41
Updated-14 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server

Action-Not Available
Vendor-UnknownCedCoss Technologies Pvt. Ltd.
Product-smsa_shipping_for_woocommerceSMSA Shipping for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2022-30694
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 20.88%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507s6ag1314-6eh04-7ab0simatic_s7-1200_cpu_12_1214fcsimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1simatic_s7-1200_cpu_12_1214c_firmwaresimatic_s7-1200_cpu_12_1211csimatic_s7-1500_cpu_1508s_f_firmware6es7317-2ek14-0ab0_firmwaresimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1512spf-1simatic_drive_controller_cpu_1507d_tf_firmwaresimatic_s7-1500_cpu_1513-1sinumerik_one_firmwaresimatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1200_cpu_12_1215csimatic_s7-1500_cpu_1518hf-46es7154-8fb01-0ab0_firmwaresimatic_s7-1500_cpu_1518-4_pn_firmwaresimatic_s7-1500_cpu_1518-4_dp_firmwaresimatic_s7-1500_cpu_1516tf-3_firmware6es7151-8fb01-0ab0_firmwaresimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1508s_fsimatic_s7-1500_cpu_15prof-2_firmwaresimatic_s7-1500_cpu_1513f-1_pn6es7154-8ab01-0ab06ag1151-8fb01-2ab0_firmware6ag1314-6eh04-7ab0_firmwaresimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517-3_pn_firmware6es7315-2eh14-0ab0simatic_s7-1500_cpu_1517-3_dpsimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_12_1214csimatic_s7-1200_cpu_1211c_firmware6es7315-2fj14-0ab0_firmwaresimatic_s7-1200_cpu_1214c6ag1151-8ab01-7ab06es7317-2fk14-0ab0simatic_s7-1500_cpu_15prof-2simatic_s7-1500_cpu_1516tf-36es7317-2ek14-0ab0simatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_151511f-1_firmwaresimatic_s7-1500_cpu_1507s_f_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1511t-1simatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1517tf-3simatic_wincc_runtimesimatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmware6ag1317-2fk14-2ab0_firmware6es7315-2eh14-0ab0_firmware6es7314-6eh04-0ab0_firmwaresimatic_s7-400_pn\/dp_v6_firmwaresimatic_s7-1500_cpu_1515-2simatic_pcssimatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_drive_controller_cpu_1504d_tfsimatic_s7-400_pn\/dp_v7_firmwaresimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1508s_firmwaresimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1500_cpu_151511c-1simatic_s7-1500_cpu_1518tf-4_firmwaresimatic_s7-1200_cpu_12_1212fcsimatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1507s_fsimatic_s7-1500_cpu_1518simatic_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-46es7317-7tk10-0ab0simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_s7-1500_cpu_1512c-1_firmware6es7318-3fl01-0ab0_firmwaresimatic_s7-1500_cpu_1513f-1_pn_firmware6es7318-3fl01-0ab06es7154-8ab01-0ab0_firmwaresimatic_s7-1500_cpu_1518_firmware6es7154-8fb01-0ab0simatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1214_fc_firmwaresimatic_s7-1500_cpu_1516t-36es7315-7tj10-0ab0_firmwaresimatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsinumerik_one6ag1315-2fj14-2ab0simatic_s7-400_pn\/dp_v6simatic_s7-1200_cpu_1215_fc_firmwaresimatic_s7-1500_cpu_15pro-2simatic_s7-1500_cpu_1515t-2simatic_s7-1200_cpu_12_1215fc_firmwaresimatic_s7-1500_cpu_1518-4_pn6es7315-2fj14-0ab0simatic_s7-1200_cpu_12_1212c_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_15pro-2_firmwaresimatic_s7-1200_cpu_12_1212fc_firmwaresimatic_s7-1500_cpu_1515tf-2_firmwaresimatic_s7-1500_cpu_151511c-1_firmwaresimatic_s7-1200_cpu_12_1217csimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_12_1217c_firmware6es7317-2fk14-0ab0_firmwaresimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_151511f-1simatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsimatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1200_cpu_1217c_firmware6es7151-8ab01-0ab06ag1317-2ek14-7ab0simatic_s7-1200_cpu_1214fc_firmware6es7317-7ul10-0ab0_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215c6es7315-7tj10-0ab0simatic_s7-1500_cpu_1515r-26es7151-8fb01-0ab0simatic_s7-1200_cpu_12_1215fc6es7318-3el01-0ab0_firmware6ag1315-2fj14-2ab0_firmwaresimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512c6es7154-8fx00-0ab0_firmwaresimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmware6es7318-3el01-0ab0simatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_12_1214fc_firmwaresimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1517-3_dp_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmware6es7154-8fx00-0ab0simatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1200_cpu_12_1212c6es7317-7ul10-0ab0simatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515tf-2simatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1500_cpu_1511tf-16ag1151-8ab01-7ab0_firmwaresimatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmware6ag1315-2eh14-7ab0simatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_pcs_firmwaresimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1515t-2_firmware6es7151-8ab01-0ab0_firmware6ag1315-2eh14-7ab0_firmwaresimatic_s7-1500_cpu_1516-3_dp_firmware6es7317-7tk10-0ab0_firmwaresimatic_s7-400_pn\/dp_v7simatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1512sp-1_firmware6ag1317-2fk14-2ab0simatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1200_cpu_12_1215c_firmwaresimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1516-3_pn_firmware6es7314-6eh04-0ab0simatic_s7-1200_cpu_12_1211c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmware6ag1151-8fb01-2ab0simatic_s7-1500_cpu_1507s_firmwaresimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518t-46ag1317-2ek14-7ab0_firmwareSIMATIC S7-1500 CPU 1512C-1 PNSIMATIC PC StationSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC S7-300 CPU 315F-2 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1510SP-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1517H-3 PNSINUMERIK ONESIMATIC S7-300 CPU 315-2 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC ET 200S IM151-8F PN/DP CPUSIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC ET 200pro IM154-8 PN/DP CPUSIMATIC ET 200pro IM154-8F PN/DP CPUSIMATIC S7-300 CPU 319-3 PN/DPSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIPLUS S7-1500 CPU 1513F-1 PNSIPLUS S7-300 CPU 315-2 PN/DPSIMATIC Drive Controller CPU 1507D TFSIPLUS S7-300 CPU 314C-2 PN/DPSIPLUS ET 200S IM151-8F PN/DP CPUSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1513R-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1512SP F-1 PNSIPLUS S7-300 CPU 315F-2 PN/DPSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC ET 200pro IM154-8FX PN/DP CPUSIMATIC S7-1500 Software Controller V2SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1513-1 PNSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC WinCC Runtime AdvancedSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSIMATIC S7-1500 CPU 1512SP-1 PNSIMATIC S7-300 CPU 319F-3 PN/DPSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-300 CPU 317T-3 PN/DPSIPLUS ET 200S IM151-8 PN/DP CPUSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS S7-1500 CPU 1518HF-4 PNSIPLUS S7-1500 CPU 1513-1 PNSIMATIC ET 200S IM151-8 PN/DP CPUSIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-300 CPU 317TF-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-28921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 48.30%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 17:11
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.

Action-Not Available
Vendor-blogenginen/a
Product-blogengine.netn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-27210
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 48.49%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:45
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-kubernetes_continuous_deployJenkins Kubernetes Continuous Deploy Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4395
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 30.04%
||
7 Day CHG~0.00%
Published-01 Jul, 2023 | 05:33
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass

The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-VillaTheme
Product-abandoned_cart_recovery_for_woocommerceAbandoned Cart Recovery for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found