5 matches found
CVE-2026-50881
Incorrect access control in impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
Infoopia Dovestones AD Self Update Security Vulnerability
Infoopia Dovestones AD Self Update is a self-service catalog information update tool developed by the Canadian company Infoopia. Versions of Infoopia Dovestones AD Self Update prior to 4.0.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF token protection...
CVE-2025-64063
Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...
PT-2025-37487
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student-Result-Management-System-Using-PHP-V2.0 version 2.0. Description: A Cross-Site Request Forgery (CSRF) flaw exists in the Profile Page of the software. This allows an attacker to trick authenticated users into unintentionally...
CVE-2024-33753
Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization...