Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2026-11148 MEDIUM

Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Payments Implementation

CVE-2026-11139 MEDIUM

Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Paint Implementation

CVE-2026-11134 MEDIUM

Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Media Component

CVE-2026-11129 MEDIUM

Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Extensions

CVE-2026-11106 MEDIUM

Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Media Component

CVE-2026-11084 MEDIUM

Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Password Manager

CVE-2026-11083 MEDIUM

Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Password Manager

CVE-2026-11020 MEDIUM

Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Crafted XML File

CVE-2026-43985 HIGH

Tautulli < 2.17.1 - CSRF Admin Credential Takeover

CVE-2026-9732 MEDIUM

EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

CVE-2026-42073 MEDIUM

OpenClaude's MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

CVE-2026-34460 MEDIUM

NamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swapping

CVE-2026-9730 MEDIUM

Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update

CVE-2026-9723 MEDIUM

Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

CVE-2026-9722 MEDIUM

Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

CVE-2026-9599 MEDIUM

Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

CVE-2026-8422 MEDIUM

Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

CVE-2026-4071 MEDIUM

BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

CVE-2026-49433 MEDIUM

DeepAI - Cross-Site Request Forgery via Email Change Endpoint

CVE-2026-40549 MEDIUM

Cross-Site Request Forgery in SOPlanning

CVE-2026-45610 MEDIUM

WWBN AVideo plugin/LoginControl/set.json.php: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA

CVE-2026-6075 HIGH

Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form

CVE-2026-35266 HIGH

Oracle Rest Data Services < 26.1.0 - Denial of Service

CVE-2026-9618 MEDIUM

PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink

CVE-2026-6455 HIGH

WP Contact Form 7 DB Handler <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion via 'contact_form' Parameter

Previous Page 2 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy