Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2026-29839 HIGH

DedeCMS v5.7.118 - Cross-Site Request Forgery in sys_task_add.php

CVE-2026-33252 HIGH

MCP Go SDK Allows Cross-Site Tool Execution for HTTP Servers without Authorizatrion

CVE-2026-33649 HIGH

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

CVE-2026-33507 HIGH

AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload

CVE-2026-4590 LOW

kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery

CVE-2026-31849 MEDIUM

Missing CSRF protection on state-changing endpoints in Nexxt Nebula 300+

CVE-2026-4143 MEDIUM

Neos Connector for Fakturama <= 0.0.14 - Cross-Site Request Forgery to Settings Update

CVE-2026-3332 MEDIUM

Xhanch - My Advanced Settings <= 1.1.2 - Cross-Site Request Forgery to Settings Update

CVE-2026-3331 MEDIUM

Lobot Slider Administrator <= 0.6.0 - Cross-Site Request Forgery to Settings Update

CVE-2026-2723 MEDIUM

Post Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

CVE-2026-1503 MEDIUM

login_register <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2026-1393 MEDIUM

Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update

CVE-2026-1392 MEDIUM

SR WP Minify HTML <= 2.1 - Cross-Site Request Forgery to Settings Update

CVE-2026-1390 MEDIUM

Redirect countdown <= 1.0 - Cross-Site Request Forgery to Settings Update

CVE-2026-1378 MEDIUM

WP Posts Re-order <= 1.0 - Cross-Site Request Forgery to Settings Update

CVE-2026-32989 HIGH

Precurio Intranet Portal 4.4: Cross-Site Request Forgery leading to arbitrary file upload

CVE-2026-33372 MEDIUM

Zimbra Collaboration 10.0-10.1 - CSRF

CVE-2026-32816 MEDIUM

Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

CVE-2026-32755 MEDIUM

Admidio is Missing CSRF Protection on Role Membership Date Changes

CVE-2026-4068 MEDIUM

Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter

CVE-2026-22323 HIGH

Cross‑Site Request Forgery in Link Aggregation Configuration

CVE-2026-27978 MEDIUM

Next.js: null origin can bypass Server Actions CSRF checks

CVE-2026-32839 MEDIUM

Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

CVE-2026-29521 MEDIUM

Hereta ETH-IMC408M CSRF via Configuration Setup

CVE-2026-32456 MEDIUM

Admin Menu Editor <= 1.14.1 - Cross-Site Request Forgery

Previous Page 11 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy