Falhas do tipo CWE-352

5.677 resultados
CVE-2016-7067MEDIUMMonit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disableEPSS 0.9%CVE-2018-0215A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attackeEPSS 0.9%CVE-2016-6578CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF)EPSS 0.9%CVE-2018-8844Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a weEPSS 0.9%CVE-2017-9641PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that useEPSS 0.9%CVE-2018-0216A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attackeEPSS 0.9%CVE-2018-0148A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) SupervEPSS 0.9%CVE-2023-35141HIGHIn Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the UEPSS 0.9%CVE-2025-27189MEDIUMAdobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)EPSS 0.9%CVE-2016-6557The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgeryEPSS 0.9%CVE-2025-49555HIGHAdobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)EPSS 0.9%CVE-2018-0107A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actiEPSS 0.8%CVE-2024-20252CRITICALMultiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, EPSS 0.8%CVE-2021-1257HIGHCisco DNA Center Cross-Site Request Forgery VulnerabilityEPSS 0.8%CVE-2014-0594HIGHCSRF protection incorrectly disabledEPSS 0.8%CVE-2017-6756A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, reEPSS 0.8%CVE-2022-1969HIGHMobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.8%CVE-2017-7926A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site EPSS 0.8%CVE-2021-24555Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL InjectionEPSS 0.8%CVE-2022-0215HIGHXootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options UpdateEPSS 0.8%