Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
CVE vulnerabilities with CWE-352 (10,574)
10.0
CVSS
CRITICAL
CVE-2025-12479
pub. 2025-10-29
10.0
CVSS
CRITICAL
CVE-2025-32642
pub. 2025-04-09
10.0
CVSS
CRITICAL
CVE-2025-23922
pub. 2025-01-16
10.0
CVSS
CRITICAL
CVE-2023-45128
pub. 2023-10-16
10.0
CVSS
CRITICAL
CVE-2017-5145
pub. 2017-02-13
10.0
CVSS
HIGH
CVE-2013-2762
pub. 2013-04-04
9.8
CVSS
CRITICAL
CVE-2025-48340
pub. 2025-05-19
9.8
CVSS
CRITICAL
CVE-2025-2907
pub. 2025-04-26
9.8
CVSS
CRITICAL
CVE-2025-31033
pub. 2025-04-09
9.8
CVSS
CRITICAL
CVE-2025-23797
pub. 2025-01-16
9.8
CVSS
CRITICAL
CVE-2024-56012
pub. 2024-12-16
9.8
CVSS
CRITICAL
CVE-2024-44677
pub. 2024-09-10
9.8
CVSS
CRITICAL
CVE-2024-34502
pub. 2024-05-05
9.8
CVSS
CRITICAL
CVE-2024-33449
pub. 2024-04-29
9.8
CVSS
CRITICAL
CVE-2024-29684
pub. 2024-03-26
9.8
CVSS
CRITICAL
CVE-2023-4659
pub. 2023-10-02
9.8
CVSS
CRITICAL
CVE-2022-20861
pub. 2022-07-21
9.8
CVSS
CRITICAL
CVE-2022-1574
pub. 2022-06-27
9.8
CVSS
CRITICAL
CVE-2022-1020
pub. 2022-04-18
9.8
CVSS
CRITICAL
CVE-2021-25032
pub. 2022-01-10
Showing 20 of 10,574 vulnerabilities