Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2026-8140 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to CSRF on download() in the package install controller

CVE-2026-22880 MEDIUM

Mobile SSO authentication flow allows credential theft via malicious server

CVE-2026-44925 HIGH

InfoScale Operations Manager 9.1.3 - Cross-Site Request Forgery

CVE-2026-6405 MEDIUM

Anomify AI <= 0.3.6 - Cross-Site Request Forgery

CVE-2026-8424 MEDIUM

Remove Yellow BGBOX <= 1.0 - Cross-Site Request Forgery

CVE-2026-8423 MEDIUM

JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery

CVE-2026-8420 MEDIUM

BLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

CVE-2026-8419 MEDIUM

Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

CVE-2026-8418 MEDIUM

Games Catalog <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post Deletion

CVE-2026-6452 MEDIUM

Bigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update

CVE-2026-6401 MEDIUM

Bottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings Update

CVE-2026-6400 MEDIUM

Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form

CVE-2026-6395 MEDIUM

Word 2 Cash <= 0.9.2 - Cross-Site Request Forgeryto Stored Cross-Site Scripting via Settings Page

CVE-2026-6391 MEDIUM

Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

CVE-2026-8604 HIGH

Cross-Site request forgery (CSRF) in ScadaBR

CVE-2026-45317 MEDIUM

Open WebUI: Cross-Site Request Forgery (CSRF) via Image URL Manipulation

CVE-2026-45773 MEDIUM

Turborepo: Login callback CSRF/session fixation

CVE-2026-8425 MEDIUM

Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update

CVE-2026-28761 HIGH

Fujitsu Japan Limited Musetheque V4 Information Disclosure For Ipknowledge - Cross-Site Request Forgery (CSRF)

CVE-2026-5365 MEDIUM

LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route

CVE-2026-4527 MEDIUM

Cross-Site Request Forgery (CSRF) in GitLab

CVE-2026-44364 CRITICAL

misp-modules website - Missing CSRF protection in the website home blueprint

CVE-2026-41255 MEDIUM

CKAN: CSRF exemption primed by anonymous requests

CVE-2026-40703 MEDIUM

BIG-IP 16.1.0-17.1.3.1 17.5.0-17.5.1.4 >=21.0.0 - Cross-Site Request Forgery in Dashboard

CVE-2026-44548 HIGH

ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)

Previous Page 5 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy