18 matches found

OSV
added 5 days ago · 6 views

GHSA-W388-2392-PX73 praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspaceid/members/userid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can remove any other member, including the workspace owner, using a single DELETE. There is...

CVSS 8.1 · AI score 5.8
Exploits: 0 · References: 2
Positive Technologies
added 2026/05/05 12:00 a.m. · 4 views

PT-2026-37222

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 16.07.26A1. Description: A flaw in the Web Management Interface component allows a remote attacker to cause a buffer overflow, which occurs when more data is written to a memory buffer than it can hold. This is achieved by...

CVSS 8.6 · AI score 7.3 · EPSS 0.002
Exploits: 1 · References: 7
RedhatCVE
added 2026/04/10 7:22 p.m. · 3 views

CVE-2025-50654

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thdmember.asp endpoint...

CVSS 7.5 · AI score 6 · EPSS 0.00054
Exploits: 0 · References: 1
EUVD
added 2026/04/08 9:33 p.m. · 2 views

EUVD-2025-209335

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thdmember.asp endpoint...

AI score 6.2 · EPSS 0.00054
Exploits: 0 · References: 3
NVD
added 2026/04/08 7:24 p.m. · 2 views

CVE-2025-50654

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thdmember.asp endpoint...

CVSS 7.5 · EPSS 0.00054
Exploits: 0 · References: 3
Vulnrichment
added 2026/04/08 12:00 a.m. · 1 view

CVE-2025-50660

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlmember.asp endpoint...

AI score 6 · EPSS 0.00054
Exploits: 0 · References: 3
Cvelist
added 2026/04/08 12:00 a.m. · 16 views

CVE-2025-50654

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thdmember.asp endpoint...

EPSS 0.00054
Exploits: 0 · References: 3
EUVD
added 2025/12/28 6:31 a.m. · 2 views

EUVD-2025-205491

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...

CVSS 5.3 · AI score 6.2 · EPSS 0.00032
Exploits: 1 · References: 5
OSV
added 2025/12/28 4:16 a.m. · 4 views

CVE-2025-15118

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...

CVSS 4.3 · AI score 6.7
Exploits: 0 · References: 4
CVE
added 2025/12/28 3:02 a.m. · 4 views

CVE-2025-15118

CVE-2025-15118 affects macrozheng mall (up to v1.0.3), specifically the Member Endpoint’s /member/address/update/ path. The underlying issue is improper authorization caused by manipulation of that file, enabling remote exploitation. Public exploit information is noted in multiple sources. Affect...

CVSS 5.3 · AI score 6.4 · EPSS 0.00032
Exploits: 1 · References: 4 · Affected software: 1
Positive Technologies
added 2025/12/28 12:00 a.m. · 1 view

PT-2025-53633

Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3. Description: A security issue has been identified in macrozheng mall. The issue relates to improper authorization within the Member Endpoint component, specifically affecting unknown code within the...

CVSS 5.3 · AI score 6.1 · EPSS 0.00032
Exploits: 1 · References: 9
CNNVD
added 2025/05/09 12:00 a.m. · 1 view

itsourcecode Gym Management System Injection Vulnerability

itsourcecode Gym Management System is an open source gym management system by itsourcecode. An injection vulnerability exists in itsourcecode Gym Management System version 1.0, which originates from an SQL injection caused by the handling of the ID parameter in the file /ajax.php?action=deletemember...

CVSS 9.8 · AI score 7.8 · EPSS 0.00204
Exploits: 1 · References: 6
OSV
added 2025/05/02 1:15 a.m. · 1 view

CVE-2025-4195

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /ajax.php?action=savemember. The manipulation of the argument umemberid leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 6
CNNVD
added 2025/05/02 12:00 a.m. · 1 view

itsourcecode Gym Management System Security Vulnerability

itsourcecode Gym Management System is an open source gym management system by itsourcecode. A security vulnerability exists in itsourcecode Gym Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the umemberid parameter in...

CVSS 9.8 · AI score 7.7 · EPSS 0.00267
Exploits: 1 · References: 7
Positive Technologies
added 2023/06/30 12:00 a.m. · 2 views

PT-2023-25007 · Ibos Oa

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue was found in the actionEdit function of the ?r=dashboard/roleadmin/edit&op=member endpoint, part of the Add User Handler component. The manipulation of the id argument leads to SQL injection...

CVSS 7.2 · AI score 5.7 · EPSS 0.00068
Exploits: 1 · References: 5
CVE
added 2021/03/26 8:15 p.m. · 165 views

CVE-2021-21389

BuddyPress (WordPress plugin) prior to 7.2.1 is affected by a REST API privilege-escalation vulnerability that can lead to remote code execution. A non-privileged user could exploit the REST API members endpoint (v1/members/me) to gain administrator rights. Affected versions are 5.0.0 through 7.2...

CVSS 9 · AI score 8.2 · EPSS 0.93304
In the wild · Exploits: 2 · References: 3 · Affected software: 1
CNNVD
added 2021/03/26 12:00 a.m. · 8 views

WordPress Security Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. BuddyPress has a security vulnerability prior to 5.0.0 and 7.2.1 that can be exploited by an attacke...

CVSS 9 · AI score 5.7 · EPSS 0.93304
Exploits: 2 · References: 4
CNVD
added 2018/10/11 12:00 a.m. · 2 views

qibosoft Cross-Site Request Forgery Vulnerability

qibosoft is a content management system developed by China's Qibo Software Company. A cross-site request forgery vulnerability exists in qibosoft version 7.0. A remote attacker can exploit this vulnerability to add a user account via admin/index.php?lfj=member&action=addmember...

CVSS 8.8 · AI score 8.8 · EPSS 0.00138
Exploits: 1 · References: 1