
265 matches found

GitHub Security Blog
added 6 days ago, 18 views

PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership

Summary: PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner. The issue is caused by privileged workspace-management routes using the shared dependency requireworkspacemember... without...

5.8 AI score
Exploits 0, References 2, Affected Software 1
NCSC
added 2026/05/15 9:27 a.m., 10 views

Vulnerabilities addressed in GitLab by GitLab Inc.

GitLab Inc. has addressed several vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) in various versions, particularly in releases from version 8.3 to 18.11.3. These vulnerabilities concern various components and functions within GitLab, including Jira integration, container...

8.7 CVSS, 5.8 AI score, 0.00064 EPSS
Exploits 0, References 1
EUVD
added 2026/05/07 6:30 p.m., 5 views

EUVD-2026-28391

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files, which leads to RCE...

6.5 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 3
Cvelist
added 2026/05/07 12:00 a.m., 19 views

CVE-2026-36387

A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /addmembers.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files, which leads to RCE...

0.00114 EPSS
Exploits 0, References 2
CVE
added 2026/05/07 12:00 a.m., 5 views

CVE-2026-36387

CVE-2026-36387 affects CODEASTRO Membership Management System v1.0, specifically the /add_members.php file. The issue arises in the file upload functionality due to improper sanitization, allowing injection of malicious files that can lead to Remote Code Execution (RCE). The available documents c...

6.5 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 2
RedhatCVE
added 2026/03/30 10:54 a.m., 2 views

CVE-2026-5041

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits 0, References 1
EUVD
added 2026/03/29 12:31 p.m., 2 views

EUVD-2026-16985

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits 0, References 6
Vulnrichment
added 2026/03/29 9:45 a.m., 2 views

CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits 0, References 5
CVE
added 2026/03/29 9:45 a.m., 6 views

CVE-2026-5041

CVE-2026-5041 affects code-projects Chamber of Commerce Membership Management System 1.0. The vulnerability is in the fwrite usage of admin/pageMail.php, where manipulating the arguments mailSubject/mailMessage enables command injection. The attack could be remote and publicly available exploit c...

5.8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits 0, References 5
CNNVD
added 2026/03/29 12:00 a.m., 2 views

Code-Projects Chamber of Commerce Membership Management System command injection vulnerability

Code-Projects Chamber of Commerce Membership Management System is an open-source membership management system developed by Code-Projects. Version 1.0 of the Code-Projects Chamber of Commerce Membership Management System has a command injection vulnerability. This vulnerability arises from imprope...

5.8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits 0, References 6
Positive Technologies
added 2026/03/29 12:00 a.m., 1 view

PT-2026-28749

Name of the Vulnerable Software and Affected Versions: code-projects Chamber of Commerce Membership Management System version 1.0. Description: A flaw exists in the Chamber of Commerce Membership Management System that allows for command injection. This issue is located in the fwrite function within...

5.8 CVSS, 6.1 AI score, 0.00321 EPSS
Exploits 0, References 8
CNNVD
added 2026/03/19 12:00 a.m., 3 views

Admidio cross-site request forgery vulnerability

Admidio is an open-source member management system developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Admidio versions 5.0.6 and earlier had a cross-site request forgery vulnerability. This...

5.7 CVSS, 5.7 AI score, 0.00009 EPSS
Exploits 1, References 2
RedhatCVE
added 2026/02/19 1:27 a.m., 3 views

CVE-2025-70150

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in deletemembers.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter...

9.8 CVSS, 5.8 AI score, 0.00479 EPSS
Exploits 1, References 1
OSV
added 2026/02/18 6:24 p.m., 2 views

CVE-2025-70150

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in deletemembers.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter...

9.8 CVSS, 5.9 AI score, 0.00479 EPSS
Exploits 1, References 2
NVD
added 2026/02/18 6:24 p.m., 2 views

CVE-2025-70148

Missing authentication and authorization in printmembershipcard.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference...

7.5 CVSS, 0.00142 EPSS
Exploits 1, References 2
OSV
added 2026/02/18 5:21 p.m., 1 view

CVE-2025-70149

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in printmembershipcard.php via the ID parameter...

9.8 CVSS, 5.9 AI score, 0.00052 EPSS
Exploits 1, References 2
CNNVD
added 2026/02/18 12:00 a.m., 3 views

CodeAstro Membership Management System security vulnerability

The CodeAstro Membership Management System is a member management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Membership Management System has a security vulnerability. This vulnerability stems from the lack of authentication in the deletemembers.php script, which may allow...

9.8 CVSS, 5.8 AI score, 0.00479 EPSS
Exploits 1, References 2
CVE
added 2026/02/18 12:00 a.m., 4 views

CVE-2025-70148

CodeAstro Membership Management System 1.0 is affected by an IDOR vulnerability in print_membership_card.php due to missing authentication/authorization. Unauthenticated attackers can access membership card data of arbitrary users by sending direct requests with a manipulated id parameter. CVSSv3...

7.5 CVSS, 5.7 AI score, 0.00142 EPSS
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2026/02/18 12:00 a.m., 3 views

PT-2026-20466

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter...

6 AI score, 0.00052 EPSS
Exploits 1, References 3
Cvelist
added 2026/02/18 12:00 a.m., 17 views

CVE-2025-70148

Missing authentication and authorization in printmembershipcard.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference...

7.5 CVSS, 0.00142 EPSS
Exploits 1, References 2