53 matches found
CVE-2026-3428
A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...
EUVD-2026-23158
A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...
CVE-2026-3428
A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...
CVE-2026-3428
CVE-2026-3428 affects the ASUS Member Center update modules. It enables local privilege escalation to Administrator via a TOC-TOU vulnerability in the update process: after a download, an unexpected payload can substitute the legitimate one and then execute with administrative privileges after us...
CVE-2026-3428
A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...
CVE-2026-3428
A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...
PT-2026-33245
A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...
ASUS Member Center 安全漏洞
ASUS Member Center is a membership management and service platform provided by ASUS Corporation in China. There is a security vulnerability in ASUS Member Center. This vulnerability stems from time checks in the update module and usage race conditions, which may lead to privilege escalation...
EUVD-2025-4456
Malicious code in bioql PyPI...
EUVD-2023-34554
Malicious code in bioql PyPI...
CVE-2023-30123
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting XSS in the Member Center, Account Settings...
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...
PT-2025-7590 · Phpcmsv9 · Phpcmsv9
Name of the Vulnerable Software and Affected Versions: phpcmsv9 version 9.6.3 Description: The issue allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. This is a Cross-Site Scripting issue. Recommendations: For phpcmsv9...
CVE-2025-25960
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...
CVE-2023-30123
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting XSS in the Member Center, Account Settings...
CVE-2023-30123
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting XSS in the Member Center, Account Settings...
Cross site scripting
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting XSS in the Member Center, Account Settings...
PT-2023-22546 · Wuzhicms · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: wuzhicms version 4.1.0 Description: The issue is related to Cross Site Scripting XSS in the Member Center, Account Settings. Recommendations: For wuzhicms version 4.1.0, as a temporary workaround, consider restricting access to the Member...