Explore CVEs related to CSRF vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
The list includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing CSRF CVEs published in 2022.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2014-125028 | A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148. | 4.3 | 0.20% | 2022-12-31 | 2024-11-21 |
| CVE-2022-4867 | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 4.3 | 0.15% | 2022-12-31 | 2024-11-21 |
| CVE-2022-4850 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | 6.5 | 0.11% | 2022-12-29 | 2024-11-21 |
| CVE-2022-4849 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | 6.5 | 0.19% | 2022-12-29 | 2024-11-21 |
| CVE-2022-4846 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | 6.5 | 0.11% | 2022-12-29 | 2024-11-21 |
| CVE-2022-4845 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | 4.3 | 0.15% | 2022-12-29 | 2024-11-21 |
| CVE-2022-4844 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | 8.8 | 0.13% | 2022-12-29 | 2024-11-21 |
| CVE-2016-15005 | CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests. | 8.8 | 0.20% | 2022-12-27 | 2025-04-11 |
| CVE-2022-4766 | A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address this issue. The name of the patch is 082282e9dab43963e6c8f03cfaddd7921de377f4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216880. | 4.3 | 0.08% | 2022-12-27 | 2024-11-21 |
| CVE-2020-36633 | A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-21 | 4.3 | 0.20% | 2022-12-27 | 2024-11-21 |
| CVE-2020-28191 | The console in Togglz before 2.9.4 allows CSRF. | 8.8 | 0.22% | 2022-12-26 | 2025-04-14 |
| CVE-2022-46491 | A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts. | 6.5 | 0.06% | 2022-12-22 | 2025-04-15 |
| CVE-2020-36625 | A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer support | 4.3 | 0.26% | 2022-12-22 | 2024-11-21 |
| CVE-2022-4646 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4. | 6.5 | 0.05% | 2022-12-22 | 2024-11-21 |
| CVE-2021-4275 | A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability. | 4.3 | 0.12% | 2022-12-21 | 2024-11-21 |
| CVE-2022-4633 | A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the i | 4.3 | 0.22% | 2022-12-21 | 2024-11-21 |
| CVE-2021-4268 | A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.18.0 is able to address this issue. The name of the patch is b9039adbb264c81333328faa9575ecf8e0d2be94. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216471. | 4.3 | 0.29% | 2022-12-21 | 2024-11-21 |
| CVE-2020-36623 | A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475. | 4.3 | 0.16% | 2022-12-21 | 2024-11-21 |
| CVE-2020-36622 | A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability. | 4.3 | 0.16% | 2022-12-21 | 2024-11-21 |
| CVE-2022-4125 | The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well | 4.3 | 0.21% | 2022-12-19 | 2024-11-21 |