Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,344 vulnerabilities with CWE-352

CVE-2024-8489 HIGH

modelscope/agentscope - Cross-Site Request Forgery via Permissive CORS Headers

CVE-2024-8065 HIGH

danswer-ai/danswer v1.4.1 - Cross-Site Request Forgery

CVE-2024-8026 HIGH

qanything/qanything < 2024-06-24 - Cross-Site Request Forgery via Permissive CORS Headers

CVE-2024-7806 HIGH

open-webui <= 0.3.8 - Remote Code Execution via CSRF

CVE-2024-7760 CRITICAL

aim 3.22.0 - Cross-Site Request Forgery via Permissive CORS Settings

CVE-2024-7035 MEDIUM

open-webui v0.3.8 - Cross-Site Request Forgery via Sensitive GET Endpoints

CVE-2024-6841 MEDIUM

vanna-ai/vanna - Cross-Site Request Forgery via SQL Endpoint GET Requests

CVE-2024-10906 HIGH

db-gpt 0.6.0 - Cross-Site Request Forgery via Overly Permissive CORS Configuration

CVE-2024-10819 HIGH

binary-husky gpt_academic 3.83 - Cross-Site Request Forgery and Stored Cross-Site Scripting via File Upload

CVE-2024-10481 MEDIUM

comfy/comfyui < 0.2.2 - Cross-Site Request Forgery via Unprotected API Endpoints

CVE-2024-13933 HIGH

FoodBakery | Delivery Restaurant Directory WordPress Theme <4.7 - CSRF

CVE-2024-13913 HIGH

InstaWP Connect <= 0.1.0.83 - Unauthenticated Arbitrary File Inclusion & Remote Code Execution

CVE-2024-13580 MEDIUM

XV Random Quotes < 1.40 - Cross-Site Request Forgery in Settings Update

CVE-2024-13436 MEDIUM

Appsero Helper <= 1.3.2 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-11640 HIGH

VikRentCar Car Rental Management System <1.4.2 - CSRF

CVE-2024-13826 MEDIUM

Email Keep < 1.1 - Cross-Site Request Forgery in Settings Update

CVE-2024-13774 MEDIUM

Wishlist for WooCommerce <= 3.1.7 - Cross-Site Request Forgery via 'save_to_multiple_wishlist'

CVE-2024-12634 MEDIUM

Related Posts, Inline Related Posts, Contextual Related Posts, Rela...

CVE-2024-51144 HIGH

Ampache <= 6.6.0 - Cross-Site Request Forgery via pvmsg.php and ajax.server.php Endpoints

CVE-2024-50705 HIGH

Uniguest Tripleplay < 24.2.1 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter

CVE-2024-13682 MEDIUM

Wallet System for WooCommerce < 2.6.3 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-30154 MEDIUM

HCL SX - Cross-Site Request Forgery

CVE-2024-13518 MEDIUM

Simple:Press Forum <6.10.11 - CSRF

CVE-2024-0392 MEDIUM

WSO2 Enterprise Integrator 6.6.0 - Cross-Site Request Forgery in Management Console

CVE-2024-13647 MEDIUM

School Management System - SakolaWP <= 1.0.8 - Cross-Site Request Forgery via Exam Setting Actions

Previous Page 90 of 374 Next

Details

Vulnerabilities 9,344

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy