CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2022-45668
MEDIUM
Tenda i22 V1.0.0.3(4687) - Cross-Site Request Forgery via fromSysToolReboot
CVSS 6.5
CVE-2022-45667
MEDIUM
Tenda i22 V1.0.0.3(4687) - Cross-Site Request Forgery via fromSysToolRestoreSet
CVSS 6.5
CVE-2022-45674
MEDIUM
Tenda AC6V1.0 V15.03.05.19 - Cross-Site Request Forgery via fromSysToolReboot
CVSS 6.5
CVE-2022-45673
MEDIUM
Tenda AC6V1.0 V15.03.05.19 - Cross-Site Request Forgery via fromSysToolRestoreSet
CVSS 6.5
CVE-2022-41297
MEDIUM
IBM Db2U 3.5-4.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-40489
HIGH
ThinkCMF < 6.0.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-26366
MEDIUM
AdRotate Banner Manager Plugin <= 5.9 - CSRF
CVSS 5.4
CVE-2022-41413
MEDIUM
perfSONAR 4.0-4.4.5 - Cross-Site Request Forgery via Search Function
CVSS 4.3
CVE-2022-3898
HIGH
WP Affiliate Platform <6.3.9 - CSRF
CVSS 8.8
CVE-2022-3747
HIGH
Becustom <= 1.0.5.2 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 8.8
CVE-2022-44937
MEDIUM
Bosscms v2.0.0 - Cross-Site Request Forgery via Administrator List Add Function
CVSS 6.5
CVE-2022-34654
MEDIUM
Manage Notification E-mails < 1.8.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-23044
HIGH
Tiny File Manager 2.4.8 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2022-4090
MEDIUM
rickxy Stock Management System - CSRF
CVSS 4.3
CVE-2022-41927
HIGH
XWiki Platform 3.2-13.10.6 - Cross-Site Request Forgery in Tag Management
CVSS 7.4
CVE-2022-41925
HIGH
Tailscale < 1.32.3 - Cross-Site Request Forgery via DNS Rebinding
CVSS 8.8
CVE-2022-41924
CRITICAL
Tailscale < 1.32.3 - Remote Code Execution via Local API Host Header Spoofing
CVSS 9.6
CVE-2022-45149
MEDIUM
Moodle 3.9.0-3.9.17 - Cross-Site Request Forgery via Course Redirect URL
CVSS 5.4
CVE-2022-41919
MEDIUM
fastify 3.0.0-3.29.3 and 4.0.0-4.10.1 - Cross-Site Request Forgery via Incorrect Content-Type Bypass
CVSS 4.2
CVE-2022-44737
MEDIUM
All-In-One Security (AIOS) - Security and Firewall < 5.1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-3750
MEDIUM
inkthemes ask_me < 6.8.7 - Cross-Site Request Forgery
CVSS 4.7
CVE-2022-45073
MEDIUM
WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-44740
MEDIUM
Creative Mail by Constant Contact <= 1.5.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-41685
MEDIUM
Szamlazz.hu & WooCommerce <=5.6.3.2 - CSRF
CVSS 5.4
CVE-2022-41634
MEDIUM
Media Library Folders <7.1.1 - CSRF
CVSS 5.4
Details
Vulnerabilities: 9,371
Exploit Likelihood: Medium