Fallos del tipo CWE-352

5677 resultados
CVE-2019-1904HIGHCisco IOS XE Software Web UI Cross-Site Request Forgery VulnerabilityEPSS 1.0%CVE-2021-32732HIGHCross-Site Request Forgery in xwiki-platformEPSS 1.0%CVE-2015-20105ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site ScriptingEPSS 1.0%CVE-2024-0624MEDIUMPaid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders UpdateEPSS 1.0%CVE-2018-0365A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker tEPSS 0.9%CVE-2018-0364A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote EPSS 0.9%CVE-2024-22416CRITICALCross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalationEPSS 0.9%CVE-2018-0255A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker toEPSS 0.9%CVE-2018-15445MEDIUMCisco Energy Management Suite Cross-Site Request Forgery VulnerabilityEPSS 0.9%CVE-2020-15259HIGHCSRF in Auth0 ad-ldap-connectorEPSS 0.9%CVE-2021-21241HIGHCSRF can expose users authentication token in Flask-Security-TooEPSS 0.9%CVE-2024-0588MEDIUMPaid Memberships Pro <= 2.12.10 - Cross-Site Request ForgeryEPSS 0.9%CVE-2019-3809MEDIUMA flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of EPSS 0.9%CVE-2024-27448CRITICALMailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js EPSS 0.9%CVE-2020-7005In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an aEPSS 0.9%CVE-2018-10884HIGHAnsible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker cEPSS 0.9%CVE-2022-29429HIGHWordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerabilityEPSS 0.9%CVE-2025-5888MEDIUMjsnjfz WebStack-Guns cross-site request forgeryEPSS 0.9%CVE-2020-8282A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have bEPSS 0.9%CVE-2021-24639OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder DeletionEPSS 0.9%