CVE-2026-8350 Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group

Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulkuserassignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove...

EUVD-2024-49924

Malicious code in bioql PyPI...

Eyes of Network Web 跨站请求伪造漏洞

Eyes of Network Web is a global regulatory solution for hardware status of devices, operating systems, standard applications, business applications and performance from the Eyes of Network Web community. A security vulnerability exists in Eyes of Network Web version 5.3, which stems from a lack o...

UCenter存在多处CSRF（可备份数据、删除应用、删除管理员等）

简要描述： UCenter存在多处CSRF（可备份数据、删除应用、删除管理员等） 详细说明： UCenter有很多处没有判断formhash啊……都可以CSRF…… 漏洞证明： 1 删除应用 formhash为空，成功提交 2 删除管理员 formhash为空，成功删除 3 备份数据 无formhash，目录名可控 img src="https://images.seebug.org/upload/201410/041241325af3f4ef84e017e7a80...