Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: csrf Clear
ID Title
CVE-2026-49471 Vulnerability in flask (CVE-2026-49471)
vulnerability in flask (CVE-2026-49471). Successful exploitation can lead to full system takeover. Exploitable via `Host header`.
CVE-2026-59713 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-59713)
vulnerability in csrf (CVE-2026-59713). Confidential information can be exposed externally.
CVE-2026-59520 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-59520)
vulnerability in csrf (CVE-2026-59520). Risk of unauthorized operations or information disclosure.
CVE-2026-13040 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13040)
cross-site scripting in wordpress (CVE-2026-13040). Risk of unauthorized operations or information disclosure.
CVE-2026-57766 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57766)
vulnerability in csrf (CVE-2026-57766). Successful exploitation can lead to full system takeover.
CVE-2026-57757 Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.
CVE-2026-57758 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57758)
vulnerability in csrf (CVE-2026-57758). Risk of unauthorized operations or information disclosure.
CVE-2026-57747 Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions.
CVE-2026-57759 Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
CVE-2026-57761 Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
CVE-2026-57690 Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions.
CVE-2026-57751 Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.
CVE-2026-58451 Path Traversal in csrf (CVE-2026-58451)
path traversal in csrf (CVE-2026-58451). Confidential information can be exposed externally.
CVE-2026-57723 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57723)
vulnerability in csrf (CVE-2026-57723). Risk of unauthorized operations or information disclosure.
CVE-2026-58518 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-58518)
vulnerability in csrf (CVE-2026-58518). Risk of unauthorized operations or information disclosure.
CVE-2026-56286 Vulnerability in csrf (CVE-2026-56286)
vulnerability in csrf (CVE-2026-56286). Data can be tampered with by attackers.
CVE-2026-35096 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-35096)
vulnerability in csrf (CVE-2026-35096). Risk of unauthorized operations or information disclosure.
CVE-2026-9676 Vulnerability in wordpress (CVE-2026-9676)
vulnerability in wordpress (CVE-2026-9676). Risk of unauthorized operations or information disclosure.
CVE-2026-52784 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-52784)
vulnerability in csrf (CVE-2026-52784). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-57657 Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
CVE-2026-57659 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57659)
vulnerability in csrf (CVE-2026-57659). Successful exploitation can lead to full system takeover.
CVE-2026-57655 Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
CVE-2026-57641 Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
CVE-2026-57635 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57635)
vulnerability in csrf (CVE-2026-57635). Data can be tampered with by attackers.
CVE-2026-57637 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57637)
vulnerability in csrf (CVE-2026-57637). Risk of unauthorized operations or information disclosure.
CVE-2025-68052 Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.
CVE-2026-43920 Vulnerability in csrf (CVE-2026-43920)
vulnerability in csrf (CVE-2026-43920). Risk of unauthorized operations or information disclosure.
CVE-2026-12986 Cross-Site Request Forgery (CSRF) in ssrf (CVE-2026-12986)
vulnerability in ssrf (CVE-2026-12986). Risk of unauthorized operations or information disclosure.
CVE-2026-57305 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57305)
vulnerability in csrf (CVE-2026-57305). Risk of unauthorized operations or information disclosure.
CVE-2026-57306 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57306)
vulnerability in csrf (CVE-2026-57306). Risk of unauthorized operations or information disclosure.
CVE-2026-57290 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57290)
vulnerability in csrf (CVE-2026-57290). Risk of unauthorized operations or information disclosure.
CVE-2026-57295 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57295)
vulnerability in csrf (CVE-2026-57295). Risk of unauthorized operations or information disclosure.
CVE-2026-57292 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57292)
vulnerability in csrf (CVE-2026-57292). Risk of unauthorized operations or information disclosure.
CVE-2026-57298 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57298)
vulnerability in csrf (CVE-2026-57298). Risk of unauthorized operations or information disclosure.
CVE-2026-57283 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57283)
vulnerability in csrf (CVE-2026-57283). Risk of unauthorized operations or information disclosure.
CVE-2026-6292 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6292)
vulnerability in wordpress (CVE-2026-6292). Risk of unauthorized operations or information disclosure.
CVE-2026-54350 SQL Injection in @budibase/server (CVE-2026-54350)
SQL injection in @budibase/server (CVE-2026-54350). Confidential information can be exposed externally. Exploitable via `POST /api/v2/queries/`. Mitigation: upgrade to `3.39.12` or later.
CVE-2026-27604 Information Disclosure in csrf (CVE-2026-27604)
vulnerability in csrf (CVE-2026-27604). Risk of unauthorized operations or information disclosure. Exploitable via ``system``.
CVE-2026-9733 Vulnerability in csrf (CVE-2026-9733)
vulnerability in csrf (CVE-2026-9733). Confidential information can be exposed externally.
CVE-2026-52800 Cross-Site Request Forgery (CSRF) in gogs.io/gogs (CVE-2026-52800)
vulnerability in gogs.io/gogs (CVE-2026-52800). Successful exploitation can lead to full system takeover. Exploitable via ``TeamsAction``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-50132 Vulnerability in @budibase/server (CVE-2026-50132)
vulnerability in @budibase/server (CVE-2026-50132). Confidential information can be exposed externally. Exploitable via `GET /api/chat-links/`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-56425 Vulnerability in csrf (CVE-2026-56425)
vulnerability in csrf (CVE-2026-56425). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
CVE-2026-7859 Vulnerability in wordpress (CVE-2026-7859)
vulnerability in wordpress (CVE-2026-7859). Risk of unauthorized operations or information disclosure.
CVE-2026-49871 Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
CVE-2026-10034 Vulnerability in wordpress (CVE-2026-10034)
vulnerability in wordpress (CVE-2026-10034). Risk of unauthorized operations or information disclosure.
CVE-2026-56024 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-56024)
vulnerability in csrf (CVE-2026-56024). Risk of unauthorized operations or information disclosure.
CVE-2026-54220 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-54220)
vulnerability in csrf (CVE-2026-54220). Risk of unauthorized operations or information disclosure.
CVE-2026-55745 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
CVE-2026-55741 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
CVE-2026-55744 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →