Falhas do tipo CWE-352

5.733 resultados
CVE-2024-49795MEDIUMIBM ApplinX Cross-Site Request ForgeryEPSS 0.1%CVE-2025-12400MEDIUMLMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2020-36918MEDIUMiDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User ManagementEPSS 0.1%CVE-2024-49794MEDIUMIBM ApplinX Cross-Site Request ForgeryEPSS 0.1%CVE-2026-57766HIGHWordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-12415MEDIUMMapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-12410MEDIUMSH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-12402MEDIUMLinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-7669MEDIUMAvishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2026-25812CRITICALPlaciPy is Missing CSRF Protection on State-Changing EndpointsEPSS 0.1%CVE-2025-12456MEDIUMCentangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site ScriptingEPSS 0.1%CVE-2020-36906MEDIUMP5 FNIP-8x16A FNIP-4xSH 1.0.20 Cross-Site Request Forgery via User ManagementEPSS 0.1%CVE-2025-12401MEDIUMLabel Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-69634CRITICALCross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field EPSS 0.1%CVE-2025-12403MEDIUMAssociados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2026-8410LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/deleteEPSS 0.1%CVE-2025-60535HIGHA Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary opeEPSS 0.1%CVE-2025-3284MEDIUMUser Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User DeletionEPSS 0.1%CVE-2025-25143MEDIUMWordPress GlobalQuran Plugin <= 1.0 - CSRF to Settings Change vulnerabilityEPSS 0.1%CVE-2026-8409LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/deleteEPSS 0.1%