タイプ別 CVE リスト:CSRF(公開年で絞り込み)

CSRF に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。

直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。

2021 年に公開され、CSRF に分類される CVE を表示しています。 CVE の一覧へ

CVSS スコア
表示中 120 / 467
«« 先頭 « 前へ 1 / 24 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-20165 Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible). 8.8 0.62% 2021-12-30 2026-06-16
CVE-2020-29292 iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. 6.5 0.37% 2021-12-30 2026-06-16
CVE-2020-21236 A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. 8.8 0.54% 2021-12-27 2026-06-16
CVE-2020-20945 A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. 8.8 0.56% 2021-12-27 2026-06-16
CVE-2020-20943 A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. 4.3 0.38% 2021-12-27 2026-06-16
CVE-2021-24988 The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter. 5.4 0.29% 2021-12-27 2026-06-16
CVE-2021-4168 showdoc is vulnerable to Cross-Site Request Forgery (CSRF) 8.8 0.61% 2021-12-26 2026-06-17
CVE-2021-4162 archivy is vulnerable to Cross-Site Request Forgery (CSRF) 4.3 0.38% 2021-12-25 2026-06-17
CVE-2020-20595 A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. 6.5 0.46% 2021-12-22 2026-06-16
CVE-2020-20593 A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. 8.0 0.43% 2021-12-22 2026-06-16
CVE-2021-36886 Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). 6.5 0.54% 2021-12-22 2026-06-16
CVE-2021-43158 In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. 4.3 0.45% 2021-12-22 2026-06-17
CVE-2021-43156 In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. 6.5 0.53% 2021-12-22 2026-06-17
CVE-2021-24981 The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. 7.5 0.81% 2021-12-21 2026-06-16
CVE-2021-43846 `solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side e 5.3 0.57% 2021-12-20 2026-06-17
CVE-2021-36887 Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass". 6.1 0.49% 2021-12-20 2026-06-16
CVE-2021-4131 livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) 8.8 0.54% 2021-12-18 2026-06-17
CVE-2021-4130 snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) 8.8 0.46% 2021-12-18 2026-06-17
CVE-2021-26800 Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account. 6.5 0.40% 2021-12-16 2026-06-16
CVE-2021-41260 Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue. 8.2 0.43% 2021-12-16 2026-06-17
«« 先頭 « 前へ 1 / 24 次へ »
cvelogic Threat Intelligence