Lucene search

4 matches found

RedhatCVE
added yesterday, 4 views

CVE-2026-7882

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...

CVSS 4.3, AI score 5.4, EPSS 0.00021
Exploits: 0, References: 1

ATTACKERKB
added 2024/04/04 9:15 a.m., 2 views

CVE-2023-36643

Incorrect Access Control in ITB-GmbH TradePro v9.5 allows remote attackers to receive all orders from the online shop via the oordershow component in customer function...

CVSS 7.5, AI score 5.8, EPSS 0.00861
Exploits: 1, References: 2

OSV
added 2023/01/26 9:18 p.m., 1 views

UBUNTU-CVE-2023-23610

GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access including...

CVSS 6.5, AI score 6.6, EPSS 0.00206
Exploits: 0, References: 3

CNNVD
added 2021/08/05 12:0 a.m., 2 views

Secomea SiteManager Security Vulnerability

Secomea SiteManager is a software application from the Danish company Secomea. It provides a remote maintenance function for industrial equipment. A security vulnerability exists in Secomea SiteManager versions prior to 9.5, which stems from an unprotected credentials transfer vulnerability in th...

CVSS 8, AI score 5.9, EPSS 0.00042
Exploits: 0, References: 2