9 matches found
CVE-2026-41662
Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30131)
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...
USN-7564-1 samba vulnerability
It was discovered that Samba incorrectly handled certain group membership changes when using Kerberos authentication. A remote user could possibly use this issue to continue to access resources after being removed by an administrator...
SoftIron HyperCloud Security Vulnerability
SoftIron HyperCloud is an intelligent cloud architecture from SoftIron. A security vulnerability exists in SoftIron HyperCloud versions 1.0 up to, but not including, 2.1 that stems from improper privilege management. An attacker at the administrator level can exploit this...
WordPress plugin Float menu cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Float menu, which stems fr...
WordPress cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Float menu, which stems fr...
EC-CUBE cross-site request forgery vulnerability
EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges...
The vulnerability of the microprogrammed logic controllers from Rockwell Automation, the MicroLogix 1100 and MicroLogix 1400, is related to deficiencies in access control. This allows an intruder to remove all administrators, thereby disabling additional functions of the device.
The vulnerability of the microprogrammed logic controllers from Rockwell Automation, the MicroLogix 1100 and MicroLogix 1400, is related to deficiencies in access control. Exploiting this vulnerability could allow a person with administrator privileges to remotely remove all administrators, there...