Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,119 vulnerabilities with CWE-352

CVE-2026-40925 HIGH

WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials

CVE-2026-40883 HIGH

goshs: CSRF in state-changing GET routes enables authenticated file deletion and directory creation

CVE-2026-41194 MEDIUM

FreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFable

CVE-2026-31014 MEDIUM

Dovestones Softwares AD Self Update <4.0.0.5 - CSRF

CVE-2026-6777 MEDIUM

Other issue in the Networking: DNS component

CVE-2026-6755 MEDIUM

Mitigation bypass in the DOM: postMessage component

CVE-2026-6589 MEDIUM

ComfyUI server.py create_origin_only_middleware cross-site request forgery

CVE-2026-40948 MEDIUM

Apache Airflow: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager

CVE-2026-40581 HIGH

ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion

CVE-2026-40458 MEDIUM

Cross-Site Request Forgery in PAC4J

CVE-2026-6451 MEDIUM

CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery

CVE-2026-1852 MEDIUM

Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion

CVE-2026-40764 HIGH

WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) vulnerability

CVE-2026-28741 MEDIUM

CSRF Protection Bypass Allows Updating a User's Authentication Method

CVE-2026-4091 MEDIUM

OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery

CVE-2026-4002 MEDIUM

Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action

CVE-2026-6293 MEDIUM

Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter

CVE-2026-40041 MEDIUM

Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints

CVE-2026-6109 MEDIUM

FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery

CVE-2026-1924 MEDIUM

Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset

CVE-2026-5918 MEDIUM

Google Chrome <147.0.7727.55 - Info Disclosure

CVE-2026-34721 MEDIUM

Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints

CVE-2026-0811 MEDIUM

Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion

CVE-2026-1673 MEDIUM

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion

CVE-2026-1672 MEDIUM

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification

Previous Page 2 of 365 Next

Details

Vulnerabilities 9,119

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy