Falhas do tipo CWE-352
5.740 resultadosCVE-2026-35266HIGHVulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit EPSS 0.1%CVE-2026-34460MEDIUMNamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swappingEPSS 0.1%CVE-2025-66064MEDIUMWordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-62950MEDIUMWordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-52793HIGHWordPress Esselink.nu Settings plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-52792HIGHWordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-65203HIGHKeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directivEPSS 0.1%CVE-2025-52783HIGHWordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-52794HIGHWordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-58918MEDIUMWordPress Entrada theme <= 5.7.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-52789HIGHWordPress Lewe ChordPress plugin <= 4.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.1%CVE-2025-62945HIGHWordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-40929MEDIUMWWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creatorsEPSS 0.1%CVE-2025-52784HIGHWordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-12452MEDIUMVisit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2022-47150MEDIUMWordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-41347LOWOpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator EndpointsEPSS 0.1%CVE-2025-27904MEDIUMMultiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and WindowsEPSS 0.1%CVE-2025-64700MEDIUMCross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may EPSS 0.1%CVE-2025-62933HIGHWordPress Awesome Testimonials plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%