Flaws of type CWE-352
5,677 results

CVE-2020-1692 | HIGH | Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | EPSS 0.6%
CVE-2024-29684 | CRITICAL | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remo | EPSS 0.6%
CVE-2023-5455 | MEDIUM | Ipa: invalid csrf protection | EPSS 0.6%
CVE-2021-4349 | HIGH | Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery | EPSS 0.6%
CVE-2022-29451 | HIGH | WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability | EPSS 0.6%
CVE-2020-12511 | HIGH | Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery | EPSS 0.6%
CVE-2022-43719 | HIGH | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API | EPSS 0.6%
CVE-2020-3114 | HIGH | Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability | EPSS 0.6%
CVE-2022-23601 | HIGH | CSRF token missing in Symfony | EPSS 0.6%
CVE-2018-0446 | — | Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability | EPSS 0.6%
CVE-2018-0445 | — | Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability | EPSS 0.6%
CVE-2021-25081 | — | WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF | EPSS 0.6%
CVE-2022-24879 | HIGH | Malfunction of Cross-Site Request Forgery token validation | EPSS 0.6%
CVE-2025-55147 | HIGH | CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Iva | EPSS 0.6%
CVE-2022-0191 | — | Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF | EPSS 0.6%
CVE-2017-20053 | MEDIUM | XYZScripts Contact Form Manager Plugin cross-site request forgery | EPSS 0.6%
CVE-2024-10557 | MEDIUM | code-projects Blood Bank Management System updateprofile.php cross-site request forgery | EPSS 0.6%
CVE-2021-24324 | — | 404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS) | EPSS 0.6%
CVE-2021-34631 | HIGH | NewsPlugin <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting | EPSS 0.6%
CVE-2021-24467 | — | Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS | EPSS 0.6%