Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,348 vulnerabilities with CWE-352

CVE-2024-0880 MEDIUM

Qidianbang qdbcrm 1.1.0 - Cross-Site Request Forgery in Password Reset

CVE-2024-0624 MEDIUM

Paid Memberships Pro - WordPress <2.12.7 - CSRF

CVE-2024-23902 MEDIUM

Jenkins GitLab Branch Source Plugin < 684.vea_fa_7c1e2fe3 - Cross-Site Request Forgery

CVE-2024-0623 MEDIUM

VK Block Patterns <= 1.31.1.1 - Cross-Site Request Forgery via vbp_clear_patterns_cache()

CVE-2024-22424 HIGH

Argo CD <2.10-rc2, 2.9.4, 2.8.8, 2.7.15 - CSRF

CVE-2024-22819 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via Email Template Update

CVE-2024-22818 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via /system/site/filterKeyword_save

CVE-2024-22817 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via Email Configuration Update

CVE-2024-22603 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via /system/links/add_link

CVE-2024-22601 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via Score Rule Save Endpoint

CVE-2024-22699 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via /system/admin/update_group_save

CVE-2024-22593 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via /system/admin/add_group_save

CVE-2024-22592 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via /system/user/group_update

CVE-2024-22591 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via /system/user/group_save

CVE-2024-22568 HIGH

FlyCms v1.0 - Cross-Site Request Forgery via /system/score/del

CVE-2024-22416 CRITICAL

pyload-ng < 0.5.0b3.dev78 - Unauthenticated Cross-Site Request Forgery via GET API Requests

CVE-2024-22715 HIGH

Stupid Simple CMS <= 1.2.4 - Cross-Site Request Forgery via /admin-edit.php

CVE-2024-20944 MEDIUM

Oracle iSupport 12.2.3-12.2.13 - Cross-Site Request Forgery

CVE-2024-20942 MEDIUM

Oracle Complex Maintenance, Repair, and Overhaul 11.5, 12.1, 12.2 - Unauthenticated Cross-Site Request Forgery

CVE-2024-20940 MEDIUM

Oracle Knowledge Management 12.2.3-12.2.13 - Cross-Site Request Forgery in Authoring Flow

CVE-2024-20934 MEDIUM

Oracle Installed Base 12.2.3-12.2.13 - Unauthenticated Cross-Site Request Forgery in Engineering Change Order

CVE-2024-0555 MEDIUM

WIC1200 Firmware 1.1 - Cross-Site Request Forgery

CVE-2024-0522 MEDIUM

Allegro RomPager 4.01 - Cross-Site Request Forgery via usertable.htm?action=delete

CVE-2023-52212 MEDIUM

WP Job Manager < 2.0.0 - Cross-Site Request Forgery

CVE-2023-53961 MEDIUM

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - CSRF

Previous Page 147 of 374 Next

Details

Vulnerabilities 9,348

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy