Weaknesses of type CWE-352
5,662 results

| CVE | Severity | Title | EPSS | KEV |
|---|---|---|---|---|
| CVE-2016-6277 | HIGH | NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before | 99.8% | KEV |
| CVE-2022-41622 | HIGH | iControl SOAP vulnerability | 88.0% | |
| CVE-2025-54782 | CRITICAL | @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers | 46.2% | |
| CVE-2014-100005 | HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote atta | 42.4% | KEV |
| CVE-2023-2533 | HIGH | PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF | 29.5% | KEV |
| CVE-2022-1020 | — | Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call | 26.2% | |
| CVE-2023-48292 | CRITICAL | XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks | 22.9% | |
| CVE-2023-22457 | CRITICAL | org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery | 18.7% | |
| CVE-2019-12624 | HIGH | Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability | 18.7% | |
| CVE-2020-10181 | CRITICAL | goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (admini | 14.2% | KEV |
| CVE-2024-2449 | HIGH | LoadMaster Cross-Site Request Forgery (CSRF) | 12.9% | |
| CVE-2024-1538 | HIGH | File Manager <= 7.2.4 - Cross-Site Request Forgery to Local JS File Inclusion | 10.7% | |
| CVE-2022-45980 | HIGH | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet. | 7.5% | |
| CVE-2024-38457 | HIGH | Xenforo before 2.2.16 allows CSRF. | 7.4% | |
| CVE-2024-24777 | HIGH | A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially | 7.0% | |
| CVE-2021-25032 | — | PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise | 6.7% | |
| CVE-2021-24581 | — | Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS) | 4.1% | |
| CVE-2021-25052 | — | Button Generator < 2.3.3 - RFI leading to RCE via CSRF | 3.5% | |
| CVE-2024-34069 | HIGH | Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution | 3.4% | |
| CVE-2021-24174 | — | Database Backups <= 1.2.2.6 - CSRF to Backup Download | 3.2% | |