Falhas do tipo CWE-352

5.715 resultados
CVE-2023-35120HIGHPiiGAB M-Bus Cross-Site Request ForgeryEPSS 0.2%CVE-2023-4246MEDIUMGiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin installationEPSS 0.2%CVE-2025-68158MEDIUMAuthlib: 1-click Account TakeoverEPSS 0.2%CVE-2025-30528CRITICALWordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerabilityEPSS 0.2%CVE-2025-6106MEDIUMWuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgeryEPSS 0.2%CVE-2024-28677MEDIUMDedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.EPSS 0.2%CVE-2023-48762MEDIUMWordPress JetElements For Elementor Plugin <= 2.6.13 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-31200MEDIUMPTC Vuforia Studio Cross-Site Request ForgeryEPSS 0.2%CVE-2022-29561HIGHA vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEEPSS 0.2%CVE-2024-2113MEDIUMNinja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission ExportEPSS 0.2%CVE-2023-23973MEDIUMWordPress Contact Us page - Contact people LITE Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-22285MEDIUMWordPress Frontpage Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-27195HIGHWordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2024-28731HIGHCross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local aEPSS 0.2%CVE-2024-33651MEDIUMWordPress MF Gig Calendar plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-64133MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackeEPSS 0.2%CVE-2024-42475MEDIUMOAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNGEPSS 0.2%CVE-2023-48258MEDIUMThe vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’EPSS 0.2%CVE-2024-32445MEDIUMWordPress WebinarIgnition plugin <= 3.05.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-68434HIGHopensourcepos has Cross-Site Request Forgery vulnerability that leads to Unauthorized Administrator CreationEPSS 0.2%