CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352
CVE-2026-44347 MEDIUM
Warpgate: SSO CSRF -- State Token Not Validated on Return
CVSS 5.8
CVE-2026-42289 HIGH
ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation
CVSS 8.8
CVE-2026-30807 HIGH
Pandora FMS 777-800 - Cross-Site Request Forgery
CVSS 8.8
CVE-2026-7616 MEDIUM
Zawgyi Embed <= 2.1.1 - Cross-Site Request Forgery via 'zawgyi_forceCSS' Parameter
CVSS 4.3
CVE-2026-7562 MEDIUM
WP-Redirection <= 1.0.3 - Cross-Site Request Forgery to Settings Update
CVSS 4.3
CVE-2026-7561 MEDIUM
Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 6.1
CVE-2026-6932 MEDIUM
Woo Commerce Minimum Weight <= 3.0.1 - Cross-Site Request Forgery via Settings Update Form
CVSS 4.3
CVE-2026-6710 MEDIUM
Skysa Text Ticker App <= 1.4 - Cross-Site Request Forgery to Settings Modification via 'Save Settings' Form
CVSS 4.3
CVE-2026-45430 HIGH
Backdrop CMS Contributed Projects Backdrop-contrib/salesforce < 1.x-1.0.1 - Cross-Site Request Forgery (CSRF)
CVSS 7.1
CVE-2026-0502 MEDIUM
Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
CVSS 5.4
CVE-2026-44695 MEDIUM
Outline: Slack OAuth state can link a victim Outline account to an attacker Slack identity
CVSS 5.8
CVE-2026-43877 MEDIUM
WWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary Bytes
CVSS 5.4
CVE-2026-38566 HIGH
HireFlow 1.2 - Cross-Site Request Forgery via Unprotected POST Endpoints
CVSS 8.1
CVE-2026-8194 MEDIUM
osTicket Dispatcher class.dispatcher.php cross-site request forgery
CVSS 4.3
CVE-2026-42286 HIGH
Emlog: Cross-Site Request Forgery in Admin Functions
CVE-2026-42190 MEDIUM
RedwoodSDK: Same-site CSRF in server actions
CVSS 5.3
CVE-2026-5791 MEDIUM
CSRF in DivvyDrive Information Technologies' DivvyDrive
CVSS 6.5
CVE-2026-28201 HIGH
SurrealDB Injection on Open Notebook
CVSS 7.8
CVE-2026-27415 MEDIUM
WordPress BEAR plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 4.3
CVE-2026-41663 LOW
Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send
CVSS 3.5
CVE-2026-40326 HIGH
Masa CMS CSRF in site bundle creation allows unauthorized site data export
CVE-2026-40325 HIGH
Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content
CVE-2026-40309 HIGH
Masa CMS CSRF in trash management allows unauthorized permanent deletion of deleted content
CVE-2026-40174 HIGH
Masa CMS CSRF in user address management allows unauthorized address changes
CVE-2026-8022 LOW
Google Chrome < 148.0.7778.96 - Cross-Origin Data Leak via MHTML
CVSS 3.1