CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,271 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,547 researchers
8,801 results
CVE-2020-37145 4.3 MEDIUM 1 PoC Analysis EPSS 0.00
HRSALE 1.1.8 - CSRF
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.
CWE-352 Feb 05, 2026
CVE-2020-37144 5.3 MEDIUM 1 PoC Analysis EPSS 0.00
Exagate SYSGuard 6001 - CSRF
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.
CWE-352 Feb 05, 2026
CVE-2020-37118 3.5 LOW 1 PoC Analysis EPSS 0.00
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.
CWE-352 Feb 05, 2026
CVE-2025-68722 8.8 HIGH 1 PoC Analysis EPSS 0.00
Axigen Mail Server <10.5.57, 10.6.x <10.6.26 - CSRF
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary administrative actions upon login without further user interaction, including creating rogue administrator accounts or modifying critical server configurations.
CWE-352 Feb 05, 2026
CVE-2024-40685 4.3 MEDIUM EPSS 0.00
IBM Operations Analytics - Log Analysis <1.3.8.3 - CSRF
IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.
CWE-352 Feb 04, 2026
CVE-2026-1835 4.3 MEDIUM EPSS 0.00
lcg0124 BootDo <e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb - CSRF
A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack can be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.
CWE-352 Feb 04, 2026
CVE-2026-25155 5.9 MEDIUM 1 Writeup EPSS 0.00
Qwik < 1.12.0 - CSRF
Qwik is a performance-focused JavaScript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.
CWE-352 Feb 03, 2026
CVE-2026-25151 5.9 MEDIUM 1 Writeup EPSS 0.00
Qwik < 1.19.0 - CSRF
Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued Content-Type headers. This issue has been patched in version 1.19.0.
CWE-352 Feb 03, 2026
CVE-2020-37096 5.3 MEDIUM 1 PoC Analysis EPSS 0.00
Edimax EW-7438RPn <1.13 - CSRF
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.
CWE-352 Feb 03, 2026
CVE-2020-37091 5.3 MEDIUM 1 PoC Analysis EPSS 0.00
Maian Support Helpdesk <4.3 - CSRF
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.
CWE-352 Feb 03, 2026
CVE-2026-24434 6.5 MEDIUM EPSS 0.00
Shenzhen Tenda AC7 <V03.03.03.01_cn - CSRF
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrator to perform unintended state-changing requests and modify router settings.
CWE-352 Feb 03, 2026
CVE-2026-24666 6.5 MEDIUM EPSS 0.00
Open eClass <4.2 - CSRF
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2.
CWE-352 Feb 03, 2026
CVE-2026-25024 5.4 MEDIUM EPSS 0.00
ThirstyAffiliates <4 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery. This issue affects ThirstyAffiliates: from n/a through <= 3.11.9.
CWE-352 Feb 03, 2026
CVE-2026-25015 4.3 MEDIUM EPSS 0.00
Stiofan UsersWP <1.2.53 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.53.
CWE-352 Feb 03, 2026
CVE-2026-25014 4.3 MEDIUM EPSS 0.00
Enter Addons <2.3.2 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery. This issue affects Enter Addons: from n/a through <= 2.3.2.
CWE-352 Feb 03, 2026
CVE-2026-24986 5.4 MEDIUM EPSS 0.00
Simple Membership WP user Import <= 1.9.1 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery. This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1.
CWE-352 Feb 03, 2026
CVE-2026-24966 4.3 MEDIUM EPSS 0.00
Copyscape Premium - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery. This issue affects Copyscape Premium: from n/a through <= 1.4.1.
CWE-352 Feb 03, 2026
CVE-2026-24962 4.3 MEDIUM EPSS 0.00
Brainstorm Force Sigmize <0.0.10 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery. This issue affects Sigmize: from n/a through <= 0.0.9.
CWE-352 Feb 03, 2026
CVE-2026-24942 4.3 MEDIUM EPSS 0.00
WpEvently <5.1.1 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1.
CWE-352 Feb 03, 2026
CVE-2026-20704 4.3 MEDIUM EPSS 0.00
WRC-X1500GS-B/WRC-X1500GSA-B - CSRF
Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
CWE-352 Feb 03, 2026