依類型的 CVE 清單:CSRF

探索與 CSRF 漏洞相關的 CVE。本清單預設優先展示最新揭露,並支援依 CVSS 與 EPSS 風險分數進一步篩選。

涵蓋最新漏洞揭露與趨勢,協助安全團隊快速識別高風險問題與被利用可能性。

目前為 CSRF 類型、涵蓋所有公開年份的 CVE。 檢視完整 CVE 清單

顯示 1209371 筆結果
«« 第一頁 « 上一頁 第 1 / 469 頁 下一頁 »
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-57766 Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. 8.8 2026-07-02 2026-07-02
CVE-2026-57761 Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. 7.1 2026-07-02 2026-07-02
CVE-2026-57759 Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions. 8.8 2026-07-02 2026-07-02
CVE-2026-57758 Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions. 7.1 2026-07-02 2026-07-02
CVE-2026-57757 Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions. 7.1 2026-07-02 2026-07-02
CVE-2026-57751 Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. 8.1 2026-07-02 2026-07-02
CVE-2026-57747 Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions. 6.5 2026-07-02 2026-07-02
CVE-2026-57690 Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions. 4.3 2026-07-02 2026-07-02
CVE-2026-57723 Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12. 7.4 0.12% 2026-07-01 2026-07-01
CVE-2026-12158 The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated attackers to escalate the privileges of an arbitrary form submitter to administrator by creating a malicious Chronos automation task that is executed via WordPress cron via a forged request granted they c 8.8 0.21% 2026-07-01 2026-07-01
CVE-2026-58518 Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3. 6.9 0.16% 2026-07-01 2026-07-01
CVE-2026-11981 The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation on the give_set_notification_status_handler() function. This makes it possible for unauthenticated attackers to disable donation email notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 4.3 0.15% 2026-07-01 2026-07-01
CVE-2026-14016 Inappropriate implementation in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 6.5 0.17% 2026-06-30 2026-07-01
CVE-2026-13963 Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 3.1 0.13% 2026-06-30 2026-07-02
CVE-2026-13952 Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 4.3 0.15% 2026-06-30 2026-07-02
CVE-2026-13946 Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 4.3 0.15% 2026-06-30 2026-07-02
CVE-2026-13944 Inappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 3.1 0.13% 2026-06-30 2026-07-02
CVE-2026-13887 Inappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 6.5 0.21% 2026-06-30 2026-07-01
CVE-2026-13826 Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) 6.5 0.21% 2026-06-30 2026-07-01
CVE-2026-35096 KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the attacker to trigger an unauthorized email or password change on behalf of the victim without their knowledge or interaction. This issue was fixed in the patch published in June 2026. 5.1 0.16% 2026-06-30 2026-06-30
«« 第一頁 « 上一頁 第 1 / 469 頁 下一頁 »
cvelogic Threat Intelligence