Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,348 vulnerabilities with CWE-352

CVE-2024-2817 MEDIUM

Tenda AC15 15.03.05.18 - Cross-Site Request Forgery via fromSysToolRestoreSet

CVE-2024-2816 MEDIUM

Tenda AC15 15.03.05.18 - Cross-Site Request Forgery via fromSysToolReboot

CVE-2024-25808 HIGH

Lychee 3.1.6 - Cross-Site Request Forgery via Album Creation

CVE-2024-1727 MEDIUM

gradio < 4.19.2 - Cross-Site Request Forgery via File Upload

CVE-2024-27968 HIGH

Super Page Cache for Cloudflare < 4.7.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2024-1538 HIGH

File Manager < 7.2.5 - Unauthenticated Cross-Site Request Forgery via 'lang' Parameter

CVE-2024-1503 MEDIUM

Tutor LMS < 2.6.1 - Cross-Site Request Forgery via erase_tutor_data() Function

CVE-2024-1214 MEDIUM

Easy Social Feed < 6.5.4 - Cross-Site Request Forgery via save_groups_list Function

CVE-2024-1213 MEDIUM

Easy Social Feed < 6.5.4 - Cross-Site Request Forgery

CVE-2024-2748 MEDIUM

GitHub Enterprise Server 3.12.0 - Cross-Site Request Forgery

CVE-2024-29026 HIGH

owncast < 0.1.2 - Unauthenticated Admin Password Leak via Lenient CORS Policy

CVE-2024-1325 MEDIUM

Live Sales Notification for Woocommerce - Woomotiv <= 3.4.3 - Cross-Site Request Forgery via ajax_cancel_review Function

CVE-2024-0856 HIGH

Appointment Booking Calendar <1.3.83 - CSRF

CVE-2024-1785 MEDIUM

Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery via ajax_handler() Function

CVE-2024-24336 HIGH

Koha Library Management System <23.05.05 - XSS

CVE-2024-29093 MEDIUM

Builder for WooCommerce reviews shortcodes - ReviewShort <= 1.01.3 - Cross-Site Request Forgery

CVE-2024-27439 MEDIUM

Apache Wicket <9.16.0 - Auth Bypass

CVE-2024-0858 HIGH

Innovs HR < 1.0.3.4 - Cross-Site Request Forgery

CVE-2024-0779 HIGH

Enjoy Social Feed < 6.2.2 - Unauthenticated Cross-Site Request Forgery via admin_init Hook

CVE-2024-27974 MEDIUM

FUJIFILM DocuPrint Series - Cross-Site Request Forgery

CVE-2024-22475 MEDIUM

Multiple Printers and Scanners - Cross-Site Request Forgery

CVE-2024-2560 MEDIUM

Tenda AC18 15.03.05.05 - Cross-Site Request Forgery via fromSysToolRestoreSet

CVE-2024-2559 MEDIUM

Tenda AC18 15.03.05.05 - Cross-Site Request Forgery via fromSysToolReboot

CVE-2024-27197 HIGH

BeePress < 6.9.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2024-27195 HIGH

Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery

Previous Page 140 of 374 Next

Details

Vulnerabilities 9,348

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy