CWE-352: Cross-Site Request Forgery (CSRF)

This vulnerability allows attackers to bypass CSRF protection in NETGEAR JGS516PE and GS116Ev2 switches by omitting the CSRF token parameter in HTTP r...

This CSRF vulnerability in Aruba AirWave Management Platform allows unauthenticated attackers to trick authenticated users into performing unauthorize...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in e107 CMS versions through 2.3.0. The usersettings.php file lacks proper e_TOKE...

This CSRF vulnerability in Jenkins Configuration Slicing Plugin allows attackers to trick authenticated users into unknowingly applying malicious slic...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Open OnDemand, a web-based interface for high-performance computing clusters. ...

This CSRF vulnerability in IBM Security Verify Information Queue allows attackers to trick authenticated users into performing unauthorized actions on...

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Tufin SecureTrack allow attackers to trick authenticated users into performing unintende...

This Cross-Site Request Forgery (CSRF) vulnerability in JetBrains YouTrack allows attackers to trick authenticated users into uploading malicious atta...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in EasyCMS v1.6 that allows attackers to create unauthorized admin accounts. Atta...

This CSRF vulnerability in MediaWiki's Push extension allows attackers to perform unauthorized API actions by tricking authenticated users into visiti...

This CSRF vulnerability in OpenEMR's GACL functionality allows attackers to trick authenticated users into performing unintended actions by sending sp...

This CSRF vulnerability in Aterm WG2600HP and WG2600HP2 routers allows attackers to trick authenticated administrators into performing unintended acti...

This vulnerability in CakePHP allows attackers to bypass CSRF protection by manipulating HTTP method override parameters. Attackers can submit arbitra...

This CSRF vulnerability in Pepperl+Fuchs Comtrol IO-Link Master web interface allows attackers to trick authenticated users into performing unauthoriz...

This CSRF vulnerability in Cisco DNA Center allows unauthenticated attackers to trick authenticated administrators into executing malicious actions vi...

CVE-2020-35217 is a critical CSRF vulnerability in Vert.x-Web framework where CSRF verification incorrectly compares tokens within the session instead...

This CSRF vulnerability in Anchor CMS allows attackers to trick authenticated administrators into unknowingly deleting admin user accounts. It affects...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Bosch PRAESIDEO and PRAESENSA public address systems. Unauthenticated attacker...

This CSRF vulnerability in IBM Curam Social Program Management allows attackers to trick authenticated users into performing unauthorized actions on t...

CVE-2020-4917 is a Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud Pak System 2.3 that allows attackers to trick authenticated users into...

CVE-2021-21495 is a Cross-Site Request Forgery (CSRF) vulnerability in MK-AUTH software that allows attackers to trick authenticated users into changi...

CVE-2020-29458 is a Cross-Site Request Forgery (CSRF) vulnerability in Textpattern CMS 4.6.2 that allows attackers to trick authenticated administrato...

This CSRF vulnerability in MCMS 4.6.5 allows attackers to create unauthorized administrator accounts by tricking authenticated users into visiting mal...

This vulnerability in the Advanced Search WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against logged-in use...

The TAX SERVICE Electronic HDM WordPress plugin before version 1.2.1 has an unauthenticated SQL injection vulnerability due to missing authorization a...

This vulnerability allows attackers to bypass MediaProxy authentication in Concorde (formerly Nexkey) microblogging platforms, enabling unauthorized i...

This CSRF vulnerability in JATOS v3.9.3 allows attackers to trick administrators into unknowingly resetting their passwords, leading to complete accou...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Moodle's admin preset tool where actions lack anti-CSRF tokens. Attackers can ...

A Cross-Site Request Forgery vulnerability in VirtueMart's product image upload function allows attackers to bypass CSRF protection tokens and upload ...

A Cross-Site Request Forgery (CSRF) vulnerability in the WP Video Posts WordPress plugin allows attackers to trick authenticated administrators into e...

The WP Lead Plus X WordPress plugin has a Cross-Site Request Forgery vulnerability that allows unauthenticated attackers to trick administrators into ...

This CSRF vulnerability allows remote attackers to trick authenticated administrators into performing unauthorized state-changing operations by visiti...

This CSRF vulnerability in Ali2Woo Lite WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions, po...

A CSRF vulnerability in Lollms WebUI versions up to 7.3.0 allows attackers to change victims' profile pictures without consent. This can lead to denia...

CVE-2024-24820 is a Cross-Site Request Forgery (CSRF) vulnerability in Icinga Director that allows attackers to perform unauthorized configuration cha...

This CSRF vulnerability in Argo CD allows attackers to execute API requests on behalf of authenticated users when they can inject HTML on the same par...

This CSRF vulnerability allows remote unauthenticated attackers to trick authenticated administrators into executing malicious CLI commands via crafte...

This vulnerability in SolarWinds Serv-U is a Cross-Site Request Forgery (CSRF) flaw where the server improperly validates CSRF tokens when requests co...

This SQL injection vulnerability in SD.NET RIM allows attackers to execute arbitrary SQL commands through POST parameters 'idtyp' and 'idgremium' at t...

A Cross-Site Request Forgery (CSRF) vulnerability in the josepsitjar StoryMap WordPress plugin allows attackers to trick authenticated administrators ...

A Cross-Site Request Forgery vulnerability in the Webaholicson Epicwin WordPress plugin allows attackers to perform SQL injection attacks. This affect...

This vulnerability in the occupancyplan WordPress plugin allows attackers to perform SQL injection via CSRF attacks. Attackers can trick authenticated...

A Cross-Site Request Forgery (CSRF) vulnerability in the Appointment Booking Calendar WordPress plugin allows attackers to trick authenticated adminis...

A Cross-Site Request Forgery (CSRF) vulnerability in the Eli EZ SQL Reports Shortcode Widget and DB Backup WordPress plugin allows attackers to trick ...

A Cross-Site Request Forgery (CSRF) vulnerability in the WP Google Review Slider WordPress plugin allows attackers to trick authenticated administrato...

This CSRF vulnerability in Misskey's Bull dashboard allows attackers to perform unauthorized actions by tricking authenticated users into submitting m...

CVE-2024-53829 is a cross-site request forgery (CSRF) vulnerability in CodeChecker that allows unauthenticated attackers to perform actions with the p...

This vulnerability in the BSK Forms Blacklist WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Blin...

This vulnerability in eDoc Intelligence LLC's eDoc Easy Tables WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks ...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Post Ideas plugin that can lead to SQL injection. Attackers can ...