Search Vulnerabilities

b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)

CVE-2026-23622

CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover

CVE-2021-47754

Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)

CVE-2025-15376

Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery

CVE-2025-14846

SocialChamp with WordPress <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Update

CVE-2025-15377

Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery

CVE-2025-14389

WPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update

CVE-2025-14615

DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection

CVE-2026-0493

Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)

Jan 13, 2026

CVE-2026-22800

LOW

PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences

Jan 12, 2026

CVE-2025-14976

User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion

CVE-2026-22030

React Router has CSRF issue in Action/Server Action Request Processing

CVE-2026-22194

GestSup <= 3.2.56 CSRF Allows Privileged Actions

CVE-2025-13749

Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

CVE-2025-68158

Authlib: 1-click Account Takeover

Jan 8, 2026

CVE-2019-25259

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery

CVE-2025-14077

Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update

CVE-2025-13990

Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation

CVE-2025-14465

Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update

CVE-2025-13521

WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2021-47800

b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)

CVE-2026-23622

CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover

CVE-2021-47754

Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)

CVE-2025-15376

Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery

CVE-2025-14846

SocialChamp with WordPress <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Update

CVE-2025-15377

Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery

CVE-2025-14389

WPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update

CVE-2025-14615

DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection

CVE-2026-0493

Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)

Jan 13, 2026

CVE-2026-22800

LOW

PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences

Jan 12, 2026

CVE-2025-14976

User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion

CVE-2026-22030

React Router has CSRF issue in Action/Server Action Request Processing

CVE-2026-22194

GestSup <= 3.2.56 CSRF Allows Privileged Actions

CVE-2025-13749

Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

CVE-2025-68158

Authlib: 1-click Account Takeover

Jan 8, 2026

CVE-2019-25259

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery

CVE-2025-14077

Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update

CVE-2025-13990

Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation

CVE-2025-14465

Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update

CVE-2025-13521

WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update