Vulnerabilities (CVE)

Filtered by CWE-352
Total 9169 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20758 1 Cybozu 1 Garoon 2026-06-17 6.0 MEDIUM 8.0 HIGH
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
CVE-2021-20687 1 Daifukuya 1 Kagemai 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-20652 1 Name Directory Project 1 Name Directory 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-20650 1 Elecom 2 Ncc-ewf100rmwh2, Ncc-ewf100rmwh2 Firmware 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
CVE-2021-20647 1 Elecom 2 Wrc-300febk-s, Wrc-300febk-s Firmware 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
CVE-2021-20646 1 Elecom 2 Wrc-300febk-a, Wrc-300febk-a Firmware 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
CVE-2021-20641 1 Logitech 2 Lan-w300n\/rs, Lan-w300n\/rs Firmware 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
CVE-2021-20636 1 Logitech 2 Lan-w300n\/pr5b, Lan-w300n\/pr5b Firmware 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
CVE-2021-20621 1 Aterm 4 Wg2600hp, Wg2600hp2, Wg2600hp2 Firmware and 1 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-20580 1 Ibm 1 Planning Analytics 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.
CVE-2021-20489 1 Ibm 1 Sterling File Gateway 2026-06-17 6.8 MEDIUM 8.8 HIGH
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.
CVE-2021-20468 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2026-06-17 N/A 6.5 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.
CVE-2021-20403 1 Ibm 1 Security Verify Information Queue 2026-06-17 6.8 MEDIUM 8.8 HIGH
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2021-20165 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible).
CVE-2021-20126 1 Draytek 1 Vigorconnect 2026-06-17 6.8 MEDIUM 8.8 HIGH
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVE-2021-20120 1 Commscope 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
CVE-2021-20102 1 Machform 1 Machform 2026-06-17 6.8 MEDIUM 8.8 HIGH
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place.
CVE-2021-20096 1 Lucyparsonslabs 1 Openoversight 2026-06-17 5.8 MEDIUM 8.1 HIGH
Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2021-20073 1 Racom 2 M\!dge, M\!dge Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.
CVE-2021-1257 5 Apple, Cisco, Linux and 2 more 5 Macos, Catalyst Center, Linux Kernel and 2 more 2026-06-17 6.8 MEDIUM 8.8 HIGH
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.