Lucene search
K

4 matches found

NVD
NVD
added 2026/06/17 2:18 p.m.11 views

CVE-2026-9591

Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

6.9CVSS0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 1:41 p.m.26 views

CVE-2026-9591 Cross-Site Request Forgery (CSRF) in SimplCommerce News Module

Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

6.9CVSS0.00197EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 1:41 p.m.36 views

CVE-2026-9591

CVE-2026-9591 documents a CSRF vulnerability in the SimplCommerce News module. The issue is in the NewsItemApiController and allows an unauthenticated remote attacker to create or modify news items as an administrator by submitting a crafted form to /api/news-items, due to missing anti-CSRF prote...

6.9CVSS5.4AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 1:41 p.m.8 views

EUVD-2026-37710

Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

8.3CVSS5.4AI score0.00197EPSS
Exploits0References2
Rows per page
Query Builder