Fallos del tipo CWE-352

5733 resultados
CVE-2026-46894HIGHVulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Home Page). Supported versions that are affecteEPSS 0.2%CVE-2025-26899MEDIUMWordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerabilityEPSS 0.2%CVE-2025-30583HIGHWordPress Pro Rank Tracker plugin <= 1.0.0 - CSRF to Stored XSS VulnerabilityEPSS 0.2%CVE-2025-30572HIGHWordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-49340MEDIUMIBM Watson Studio Local cross-site request forgeryEPSS 0.2%CVE-2025-30578HIGHWordPress AdSense Privacy Policy plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.2%CVE-2026-38566HIGHHireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidatEPSS 0.2%CVE-2025-30787HIGHWordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-20942MEDIUMVulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Supported versions tEPSS 0.2%CVE-2025-49382HIGHWordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-31680MEDIUMMatomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008EPSS 0.2%CVE-2025-20326MEDIUMCisco Unified Communications Manager Cross-Site Request Forgery VulnerabilityEPSS 0.2%CVE-2023-42234MEDIUMPat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.EPSS 0.2%CVE-2025-31684MEDIUMOAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013EPSS 0.2%CVE-2024-6673MEDIUMCSRF Vulnerability in parisneo/lollms-webuiEPSS 0.2%CVE-2025-6459HIGHAds Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplateEPSS 0.2%CVE-2024-13304MEDIUMMinify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070EPSS 0.2%CVE-2025-22688HIGHWordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37438MEDIUMWordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31601MEDIUMWordPress Appointy Appointment Scheduler plugin <= 4.2.1 - CSRF to Settings Change vulnerabilityEPSS 0.2%