CWE-352
Cross-Site Request Forgery (CSRF)
Medium likelihood
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2022-41474
MEDIUM
RPCMS v3.0.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-34020
HIGH
ResIOT ResIOT IOT Platform + LoRaWAN Network Server <4.1.1000114 - ...
CVSS 8.8
CVE-2022-42087
MEDIUM
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 - Cross-Site Request Forgery via fromSysToolReboot
CVSS 6.5
CVE-2022-42086
MEDIUM
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 - Cross-Site Request Forgery via TendaAteMode
CVSS 6.5
CVE-2022-42078
MEDIUM
Tenda AC1206 Firmware US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 - Cross-Site Request Forgery via fromSysToolRestoreSet
CVSS 6.5
CVE-2022-42077
MEDIUM
Tenda AC1206 Firmware US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 - Cross-Site Request Forgery via fromSysToolReboot
CVSS 6.5
CVE-2022-38086
MEDIUM
Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-32175
MEDIUM
AdGuardHome 0.95-0.108.0-b.13 - Cross-Site Request Forgery in Custom Filtering Rules
CVSS 5.4
CVE-2022-40180
MEDIUM
Siemens Desigo PXM and PXG3 - Cross-Site Request Forgery in Import Files Functionality
CVSS 5.3
CVE-2022-40179
HIGH
Siemens Desigo PXM and PXG3 - Cross-Site Request Forgery in Operation Web Application
CVSS 8.1
CVE-2022-3208
MEDIUM
Simple File List < 4.4.12 - Cross-Site Request Forgery via Missing Nonce Check
CVSS 6.5
CVE-2022-3154
HIGH
Woo Billingo Plus < 4.4.5.4 - Cross-Site Request Forgery in AJAX Actions
CVSS 7.1
CVE-2022-2350
MEDIUM
Disable User Login < 1.0.1 - Unauthenticated Missing Authorization
CVSS 5.3
CVE-2022-22493
HIGH
IBM WebSphere Automation <1.4.2 - CSRF
CVSS 8.8
CVE-2022-2986
HIGH
moodle 3.11.0-3.11.8 - Cross-Site Request Forgery via H5P Library Toggle
CVSS 8.8
CVE-2022-2783
MEDIUM
Octopus Server 3.12.0-2022.1.3154 - Cross-Site Request Forgery via Session Cookie
CVSS 5.3
CVE-2022-2839
MEDIUM
Zephyr Project Manager WordPress <3.2.55 - CSRF, XSS
CVSS 5.4
CVE-2022-39268
HIGH
orchest 2022.03.7-2022.09.9 - Cross-Site Request Forgery
CVSS 8.1
CVE-2022-3057
MEDIUM
Google Chrome <105.0.5195.52 - Info Disclosure
CVSS 6.5
CVE-2022-3119
HIGH
OAuth client Single Sign On WordPress plugin < 3.0.4 - Unauthenticated Settings Update and OAuth Endpoint Hijack
CVSS 7.5
CVE-2022-3098
MEDIUM
Login Block IPs < 1.0.0 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-3025
MEDIUM
Bitcoin / Altcoin Faucet WordPress <1.6.0 - CSRF & XSS
CVSS 5.4
CVE-2022-3024
MEDIUM
Simple Bitcoin Faucets <1.7.0 - CSRF & XSS
CVSS 5.4
CVE-2022-2987
HIGH
Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update and Authentication Bypass
CVSS 7.5
CVE-2022-2405
MEDIUM
WP Popup Builder < 1.2.9 - Authenticated Arbitrary Popup Deletion via Missing Authorization
CVSS 4.3
Details
Vulnerabilities: 9,371
Exploit Likelihood: Medium