Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2026-34896 HIGH

WordPress Under Construction, Coming Soon & Maintenance Mode plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability

CVE-2026-35181 MEDIUM

WWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.php

CVE-2026-35180 MEDIUM

WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

CVE-2026-5624 MEDIUM

ProjectSend upload.php cross-site request forgery

CVE-2026-5572 MEDIUM

Technostrobe HI-LED-WR120-G2 cross-site request forgery

CVE-2026-34228 MEDIUM

Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write

CVE-2026-34749 MEDIUM

Payload <3.79.1 Authentication Flow - CSRF Protection Bypass

CVE-2026-5283 MEDIUM

Google Chrome <146.0.7680.178 - Info Disclosure

CVE-2026-34613 MEDIUM

AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

CVE-2026-34611 MEDIUM

AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users

CVE-2026-34394 HIGH

AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

CVE-2026-34384 MEDIUM

Admidio: Missing CSRF Protection on Registration Approval Actions

CVE-2026-34383 MEDIUM

Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

CVE-2026-34382 MEDIUM

Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php

CVE-2026-3191 MEDIUM

Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update

CVE-2026-33373 HIGH

Zimbra Collaboration 10.0-10.1 - CSRF

CVE-2026-4315 HIGH

WatchGuard Firebox Cross-Site Request Forgery (CSRF) in Fireware Web UI

CVE-2026-4971 MEDIUM

SourceCodester Note Taking App cross-site request forgery

CVE-2026-4968 MEDIUM

SourceCodester Diary App diary.php cross-site request forgery

CVE-2026-4984 HIGH

Botpress - Credential Disclosure via Twilio Webhook Handler

CVE-2026-4393 MEDIUM

Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

CVE-2026-1032 MEDIUM

Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

CVE-2026-3857 HIGH

Cross-Site Request Forgery (CSRF) in GitLab

CVE-2026-27659 MEDIUM

Mattermost <= 11.4.0 - Access Control Policy Activation CSRF

CVE-2026-3211 MEDIUM

Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

Previous Page 10 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy