Weaknesses of type CWE-352

5,726 results
CVE-2024-8120MEDIUMImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX ActionsEPSS 0.2%CVE-2024-35557MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=closeEPSS 0.2%CVE-2025-66407MEDIUMWeblate has Server-Side Request Forgery vulnerabilityEPSS 0.2%CVE-2025-21538MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2026-24885MEDIUMKanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role AssignmentEPSS 0.2%CVE-2025-24720MEDIUMWordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2025-24724MEDIUMWordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2025-62797HIGHCSRF in FluxCP account endpoints allows account takeover / state-changing actionsEPSS 0.2%CVE-2024-13683MEDIUMAutomate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status UpdateEPSS 0.2%CVE-2024-11071HIGHImproper Access Control In DestinyECMEPSS 0.2%CVE-2025-22563MEDIUMWordPress Pretty Urls Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-7835MEDIUMiThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2026-40549MEDIUMCross-Site Request Forgery in SOPlanningEPSS 0.2%CVE-2015-20113MEDIUMRealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting VulnerabilitiesEPSS 0.2%CVE-2026-12986HIGHA critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows thEPSS 0.2%CVE-2022-40724MEDIUMCross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint.EPSS 0.2%CVE-2024-1446MEDIUMNextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post DeletionEPSS 0.2%CVE-2025-54598MEDIUMThe Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via EPSS 0.2%CVE-2024-4429MEDIUMCross Site Request Forgery vulnerability in iManagerEPSS 0.2%CVE-2026-4131MEDIUMWP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' ParameterEPSS 0.2%