Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,119 vulnerabilities with CWE-352

CVE-2026-34749 MEDIUM

Payload has a CSRF Protection Bypass in Authentication Flow

CVE-2026-5283 MEDIUM

Google Chrome <146.0.7680.178 - Info Disclosure

CVE-2026-34613 MEDIUM

AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

CVE-2026-34611 MEDIUM

AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users

CVE-2026-34394 HIGH

AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

CVE-2026-34384 MEDIUM

Admidio: Missing CSRF Protection on Registration Approval Actions

CVE-2026-34383 MEDIUM

Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

CVE-2026-34382 MEDIUM

Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php

CVE-2026-3191 MEDIUM

Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update

CVE-2026-33373 HIGH

Zimbra Collaboration 10.0-10.1 - CSRF

CVE-2026-4315 HIGH

WatchGuard Firebox Cross-Site Request Forgery (CSRF) in Fireware Web UI

CVE-2026-4971 MEDIUM

SourceCodester Note Taking App cross-site request forgery

CVE-2026-4968 MEDIUM

SourceCodester Diary App diary.php cross-site request forgery

CVE-2026-4393 MEDIUM

Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

CVE-2026-1032 MEDIUM

Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

CVE-2026-3857 HIGH

Cross-Site Request Forgery (CSRF) in GitLab

CVE-2026-27659 MEDIUM

CSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpoint

CVE-2026-3211 MEDIUM

Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

CVE-2026-29839 HIGH

DedeCMS v5.7.118 - CSRF

CVE-2026-33252 HIGH

MCP Go SDK Allows Cross-Site Tool Execution for HTTP Servers without Authorizatrion

CVE-2026-33649 HIGH

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

CVE-2026-33507 HIGH

AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload

CVE-2026-4590 LOW

kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery

CVE-2026-31849 MEDIUM

Missing CSRF protection on state-changing endpoints in Nexxt Nebula 300+

CVE-2026-4143 MEDIUM

Neos Connector for Fakturama <= 0.0.14 - Cross-Site Request Forgery to Settings Update

Previous Page 4 of 365 Next

Details

Vulnerabilities 9,119

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy