CVE-2026-9591 Cross-Site Request Forgery (CSRF) in SimplCommerce News Module

Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

Tenda F3 跨站请求伪造漏洞

Tenda F3 is a wireless router produced by the Chinese company Tenda. The Tenda F3 V12.01.01.55multi version has a vulnerability related to cross-site request forgery attacks. This vulnerability arises from the lack of anti-CSRF protection in the web management interface, which may allow cross-sit...

CVE-2025-63711

CVE-2025-63711 is a CSRF vulnerability affecting SourceCodester Client Database Management System 1.0. The issue: the user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST with user_id and lacks request origin checks, anti-CSRF tokens, and proper authentication/authorization. An ...