CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2018-25200	OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php — OOP CMS BLOG	5.3	Medium	2026-03-06
CVE-2018-25190	Easyndexer 1.0 Cross-Site Request Forgery via createuser.php — Easyndexer	5.3	Medium	2026-03-06
CVE-2018-25186	Tina4 Stack 1.0.3 Cross-Site Request Forgery via profile — Tina4 Stack	5.3	Medium	2026-03-06
CVE-2018-25176	Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload — Alive Parish	8.2	High	2026-03-06
CVE-2018-25177	Data Center Audit 2.6.2 Cross-Site Request Forgery via dca_resetpw.php — Data Center Audit	5.3	Medium	2026-03-06
CVE-2018-25174	ABC ERP 0.6.4 Cross-Site Request Forgery via _configurar_perfil.php — ABC ERP	5.3	Medium	2026-03-06
CVE-2018-25170	DoceboLMS 1.2 SQL Injection via lesson.php — DoceboLMS	8.2	High	2026-03-06
CVE-2026-1468	Cross-Site Request Forgery in QuickCMS — QuickCMS	8.8	-	2026-03-06
CVE-2026-29084	Gokapi: CSRF in Login Endpoint — Gokapi	4.6	Medium	2026-03-06
CVE-2025-59541	Chamilo: CSRF Vulnerability in Project Deletion — chamilo-lms	8.1	High	2026-03-06
CVE-2026-28477	OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow — OpenClaw	7.1	High	2026-03-05
CVE-2025-64166	Mercurius: Incorrect Content-Type parsing can lead to CSRF attack — mercurius	5.4	Medium	2026-03-05
CVE-2026-2994	Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Spam Allowlist Group — Concrete CMS	6.8	-	2026-03-04
CVE-2026-27758	SODOLA SL902-SWTGW124AS <= 200.1.20 Missing CSRF Protections — SODOLA SL902-SWTGW124AS	4.3	Medium	2026-02-27
CVE-2026-3193	Chia Blockchain send_transaction cross-site request forgery — Blockchain	3.1	Low	2026-02-25
CVE-2026-2410	Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update — Disable Admin Notices – Hide Dashboard Notifications	4.3	Medium	2026-02-25
CVE-2026-27632	Talishar Vulnerable to Cross-Site Request Forgery (CSRF) — Talishar	2.6	Low	2026-02-25
CVE-2026-27609	Parse Dashboard Missing CSRF Protection on Agent Endpoint — parse-dashboard	8.8^AI	High^AI	2026-02-25
CVE-2026-27589	Caddy vulnerable to cross-origin config application via local admin API /load (caddy) — caddy	6.5	-	2026-02-24
CVE-2026-27518	Binardat 10G08-0800GSM Network Switch CSRF — 10G08-0800GSM Network Switch	4.3	Medium	2026-02-24
CVE-2026-27741	Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints — Bludit	4.3	Medium	2026-02-23
CVE-2026-25649	Traccar Vulnerable to Authorization Code Theft via Open Redirect in OIDC Provider Endpoints — traccar	7.3	High	2026-02-23
CVE-2026-23694	Aruba HiSpeed Cache < 3.0.5 CSRF in Multiple Administrative AJAX Actions — Aruba HiSpeed Cache	8.1^AI	High^AI	2026-02-23
CVE-2026-27513	Tenda F3 CSRF in Web Management Interface — Tenda F3	4.3	Medium	2026-02-23
CVE-2026-27146	GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads — GetSimpleCMS-CE	8.8^AI	High^AI	2026-02-20
CVE-2019-25447	OrientDB 3.0.17 Cross-Site Request Forgery — OrientDB	4.3	Medium	2026-02-20
CVE-2025-13671	Cross Site request forgery vulnerability discovered in OpenText WSM Management Server. — Web Site Management Server	4.3^AI	Medium^AI	2026-02-19
CVE-2026-26317	OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints — openclaw	7.1	High	2026-02-19
CVE-2026-27090	WordPress Kenta Companion plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability — Kenta Companion	8.8^AI	High^AI	2026-02-19
CVE-2026-27050	WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability — RealPress	8.8^AI	High^AI	2026-02-19

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751