CVE-2026-1203
A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...
CRMEB authorization issue vulnerabilities
CRMEB is an open-source Java e-commerce system developed by CRMEB. Versions of CRMEB 5.6.3 and earlier contained a vulnerability related to authorization issues. This vulnerability stemmed from incorrect handling of the parameter ‘uid’ in the component’s JSON Token Handler file,...
CVE-2025-68718
KAYSUS KS-WR1200 routers, firmware 107, expose SSH and TELNET on the LAN interface with hardcoded credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password, and changing the management GUI password has no effect on SSH/TELNET authentication. Any...
Shopify: change Login Services settings without owner access
Hi, in settings - account owner can set login service for staff members! This is only available for owners, and full access admins can't see or change these values! Admin with setting access can send a "POST" request to shop.json and change these settings! Steps: - get access token for one full acce...
Shopify: Shop admin can change external login services
'Login services' section in the Settings-Account is accessible only to the Account owners. However, shop admins full access users can escalate privileges and modify the login services. To verify, 1. Log into https://seclearn.myshopify.com as admin. 2. Navigate to settings-Account, notice that it...