Weaknesses of type CWE-352
5,677 results

CVE | Severity | Description | EPSS
CVE-2025-25967 | MEDIUM | Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into p | 0.5%
CVE-2024-45693 | HIGH | Apache CloudStack: Request origin validation bypass makes account takeover possible | 0.5%
CVE-2024-40119 | HIGH | Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability | 0.5%
CVE-2019-10199 | MEDIUM | It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use th | 0.5%
CVE-2024-33449 | CRITICAL | An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request | 0.5%
CVE-2023-0999 | MEDIUM | SourceCodester Sales Tracker Management System cross-site request forgery | 0.5%
CVE-2017-7917 | — | A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-H | 0.5%
CVE-2022-43407 | HIGH | Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' | 0.5%
CVE-2016-10529 | — | Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafte | 0.5%
CVE-2021-36887 | MEDIUM | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) | 0.5%
CVE-2021-38342 | HIGH | Nested Pages <= 3.1.15 Cross-Site Request Forgery to Arbitrary Post Deletion and Modification | 0.5%
CVE-2021-24685 | — | Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting | 0.5%
CVE-2015-10001 | — | WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS) | 0.5%
CVE-2022-27488 | HIGH | A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 th | 0.5%
CVE-2020-15789 | — | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forg | 0.5%
CVE-2021-4123 | MEDIUM | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat | 0.5%
CVE-2021-24584 | — | Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update | 0.5%
CVE-2022-2184 | — | CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF | 0.5%
CVE-2024-6310 | HIGH | Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload | 0.5%
CVE-2015-10116 | MEDIUM | RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery | 0.5%