Vulnerabilities (CVE)

Filtered by CWE-352
Total 9182 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32632 1 Pajbot 1 Pajbot 2026-06-17 4.3 MEDIUM 2.4 LOW
Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to `v1.52` or `stable` to install the patch or, as a workaround, can add one modern dependency.
CVE-2021-32424 1 Trendnet 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router.
CVE-2021-32403 1 Intelbras 2 Rf 301k, Rf 301k Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
CVE-2021-32402 1 Intelbras 2 Rf 301k, Rf 301k Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
CVE-2021-32162 1 Webmin 1 Webmin 2026-06-17 6.8 MEDIUM 8.8 HIGH
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVE-2021-32159 1 Webmin 1 Webmin 2026-06-17 6.8 MEDIUM 8.8 HIGH
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
CVE-2021-32156 1 Webmin 1 Webmin 2026-06-17 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVE-2021-32122 1 Netgear 8 Ex3700, Ex3700 Firmware, Ex3800 and 5 more 2026-06-17 5.4 MEDIUM 9.8 CRITICAL
Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.
CVE-2021-32096 1 Nsa 1 Emissary 2026-06-17 6.8 MEDIUM 8.8 HIGH
The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.
CVE-2021-32073 1 Dedecms 1 Dedecms 2026-06-17 6.8 MEDIUM 8.8 HIGH
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-31762 1 Webmin 1 Webmin 2026-06-17 6.8 MEDIUM 8.8 HIGH
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
CVE-2021-31760 1 Webmin 1 Webmin 2026-06-17 6.8 MEDIUM 8.8 HIGH
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
CVE-2021-31679 1 Pescms 1 Pescms Team 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.
CVE-2021-31678 1 Pescms 1 Pescms Team 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.
CVE-2021-31677 1 Pescms 1 Pescms Team 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.
CVE-2021-31631 1 B2evolution 1 B2evolution Cms 2026-06-17 6.8 MEDIUM 8.8 HIGH
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.
CVE-2021-31604 1 Openvpn-monitor Project 1 Openvpn-monitor 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client.
CVE-2021-31584 1 Sipwise 1 Next Generation Communication Platform 2026-06-17 6.8 MEDIUM 8.8 HIGH
Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges.
CVE-2021-31152 1 Multilaser 2 Ac1200 Re018, Ac1200 Re018 Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.
CVE-2021-30224 1 Rukovoditel 1 Rukovoditel 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.