Fallos del tipo CWE-352

5733 resultados
CVE-2024-40035MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.EPSS 0.2%CVE-2024-20933MEDIUMVulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions thaEPSS 0.2%CVE-2024-20940MEDIUMVulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Supported EPSS 0.2%CVE-2026-6440MEDIUMGoodMeet <= 1.1.8 - Cross-Site Request Forgery to Google Meet Credential Reset via 'goodmeet_reset_google_meet_credential'EPSS 0.2%CVE-2025-30577HIGHWordPress Browser Address Bar Color plugin <= 3.3 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.2%CVE-2024-20942MEDIUMVulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Supported versions tEPSS 0.2%CVE-2024-32538MEDIUMWordPress Easy CountDowner plugin <= 1.0.8 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2025-30583HIGHWordPress Pro Rank Tracker plugin <= 1.0.0 - CSRF to Stored XSS VulnerabilityEPSS 0.2%CVE-2025-30572HIGHWordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-30584HIGHWordPress AlphaOmega Captcha & Anti-Spam Filter plugin <= 3.3 - CSRF to Stored XSS VulnerabilityEPSS 0.2%CVE-2025-30588HIGHWordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS VulnerabilityEPSS 0.2%CVE-2025-30787HIGHWordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-3131MEDIUMECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031EPSS 0.2%CVE-2024-6405MEDIUMFloating Social Buttons <= 1.5 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-30587HIGHWordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS VulnerabilityEPSS 0.2%CVE-2025-49382HIGHWordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-7615MEDIUMWidget Context <= 1.3.3 - Cross-Site Request Forgery to Settings Update via 'wl' ParameterEPSS 0.2%CVE-2024-20934MEDIUMVulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions thaEPSS 0.2%CVE-2025-9213HIGHTextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account TakeoverEPSS 0.2%CVE-2024-49340MEDIUMIBM Watson Studio Local cross-site request forgeryEPSS 0.2%