CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4750

4750 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27659 | CSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpoint — Mattermost | 4.6 | Medium | 2026-03-25 |
| CVE-2026-3211 | Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012 — Theme Negotiation by Rules | 8.8 | - | 2026-03-25 |
| CVE-2025-40841 | Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability — Indoor Connect 8855 | 4.3 | - | 2026-03-25 |
| CVE-2026-33252 | MCP Go SDK Allows Cross-Site Tool Execution for HTTP Servers without Authorization — go-sdk | 7.1 | High | 2026-03-23 |
| CVE-2026-33649 | AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification — AVideo | 8.1 | High | 2026-03-23 |
| CVE-2026-33507 | AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload — AVideo | 8.8 | High | 2026-03-23 |
| CVE-2026-4590 | kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery — kodbox | 3.1 | Low | 2026-03-23 |
| CVE-2026-31849 | Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+ — Nebula 300+ | 6.5 | - | 2026-03-23 |
| CVE-2026-2723 | Post Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update — Post Snippits | 6.1 | Medium | 2026-03-21 |
| CVE-2026-4143 | Neos Connector for Fakturama <= 0.0.14 - Cross-Site Request Forgery to Settings Update — Neos Connector for Fakturama | 4.3 | Medium | 2026-03-21 |
| CVE-2025-14037 | Invelity Products Feeds <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File Deletion — Invelity Product Feeds | 8.1 | High | 2026-03-21 |
| CVE-2026-1503 | login_register <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Plugin Name: login_register | 4.3 | Medium | 2026-03-21 |
| CVE-2026-3331 | Lobot Slider Administrator <= 0.6.0 - Cross-Site Request Forgery to Settings Update — Lobot Slider Administrator | 4.3 | Medium | 2026-03-21 |
| CVE-2026-1392 | SR WP Minify HTML <= 2.1 - Cross-Site Request Forgery to Settings Update — SR WP Minify HTML | 4.3 | Medium | 2026-03-21 |
| CVE-2026-3332 | Xhanch - My Advanced Settings <= 1.1.2 - Cross-Site Request Forgery to Settings Update — Xhanch – My Advanced Settings | 4.3 | Medium | 2026-03-21 |
| CVE-2026-1390 | Redirect countdown <= 1.0 - Cross-Site Request Forgery to Settings Update — Redirect countdown | 4.3 | Medium | 2026-03-21 |
| CVE-2026-1378 | WP Posts Re-order <= 1.0 - Cross-Site Request Forgery to Settings Update — WP Posts Re-order | 4.3 | Medium | 2026-03-21 |
| CVE-2026-1393 | Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update — Add Google Social Profiles to Knowledge Graph Box | 4.3 | Medium | 2026-03-21 |
| CVE-2026-32989 | Precurio Intranet Portal 4.4: Cross-Site Request Forgery leading to arbitrary file upload — Precurio Intranet Portal | 8.8 | High | 2026-03-20 |
| CVE-2024-32537 | WordPress Flash Video Player plugin <= 5.0.4 - CSRF to XSS vulnerability — Flash Video Player | 7.1 | High | 2026-03-20 |
| CVE-2026-32816 | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions — admidio | 5.7 | Medium | 2026-03-19 |
| CVE-2026-32755 | Admidio is Missing CSRF Protection on Role Membership Date Changes — admidio | 5.7 | Medium | 2026-03-19 |
| CVE-2026-4068 | Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter — Add Custom Fields to Media | 4.3 | Medium | 2026-03-19 |
| CVE-2026-22323 | Cross‑Site Request Forgery in Link Aggregation Configuration — FL SWITCH 2005 | 7.1 | High | 2026-03-18 |
| CVE-2026-27978 | Next.js: null origin can bypass Server Actions CSRF checks — next.js | 8.8 | - | 2026-03-17 |
| CVE-2026-32839 | Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints — Edimax GS-5008PL | 4.3 | Medium | 2026-03-17 |
| CVE-2026-29521 | Hereta ETH-IMC408M CSRF via Configuration Setup — Hereta ETH-IMC408M | 4.3 | Medium | 2026-03-16 |
| CVE-2025-69238 | Cross-Site Request Forgery in Raytha CMS — Raytha | 6.5 | - | 2026-03-16 |
| CVE-2017-20221 | Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution — SDT-CS3B1 | 4.3 | Medium | 2026-03-16 |
| CVE-2016-20035 | Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint — Wowza Streaming Engine | 5.3 | Medium | 2026-03-15 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4750 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.