Lucene search
K

53 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3428

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...

5.4CVSS5.5AI score0.00074EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/16 3:31 a.m.6 views

EUVD-2026-23158

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...

5.4CVSS5.8AI score0.00074EPSS
Exploits0References2
NVD
NVD
added 2026/04/16 3:16 a.m.6 views

CVE-2026-3428

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...

5.4CVSS0.00074EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 2:2 a.m.15 views

CVE-2026-3428

CVE-2026-3428 affects the ASUS Member Center update modules. It enables local privilege escalation to Administrator via a TOC-TOU vulnerability in the update process: after a download, an unexpected payload can substitute the legitimate one and then execute with administrative privileges after us...

5.4CVSS5.8AI score0.00074EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/16 2:2 a.m.26 views

CVE-2026-3428

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...

5.4CVSS0.00074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/16 2:2 a.m.11 views

CVE-2026-3428

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...

5.4CVSS5.8AI score0.00074EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33245

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center华硕大厅 allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use TOC-TOU during the update process, where an unexpected payload is substitut...

5.4CVSS5.8AI score0.00074EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

ASUS Member Center 安全漏洞

ASUS Member Center is a membership management and service platform provided by ASUS Corporation in China. There is a security vulnerability in ASUS Member Center. This vulnerability stems from time checks in the update module and usage race conditions, which may lead to privilege escalation...

5.4CVSS5.8AI score0.00074EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4456

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.0026EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-34554

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00394EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.7 views

CVE-2023-30123

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting XSS in the Member Center, Account Settings...

5.4CVSS6AI score0.00394EPSS
Exploits1References1
OSV
OSV
added 2025/02/20 10:15 p.m.2 views

CVE-2025-25960

Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/02/20 10:15 p.m.31 views

CVE-2025-25960

Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...

6.1CVSS0.0026EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/20 12:0 a.m.8 views

CVE-2025-25960

Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...

6.3AI score0.0026EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.4 views

PT-2025-7590 · Phpcmsv9 · Phpcmsv9

Name of the Vulnerable Software and Affected Versions: phpcmsv9 version 9.6.3 Description: The issue allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. This is a Cross-Site Scripting issue. Recommendations: For phpcmsv9...

6.1CVSS7.1AI score0.0026EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/02/20 12:0 a.m.30 views

CVE-2025-25960

Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator...

0.0026EPSS
Exploits1References1
NVD
NVD
added 2023/04/28 2:15 p.m.15 views

CVE-2023-30123

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting XSS in the Member Center, Account Settings...

5.4CVSS5.3AI score0.00394EPSS
Exploits1References1
OSV
OSV
added 2023/04/28 2:15 p.m.8 views

CVE-2023-30123

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting XSS in the Member Center, Account Settings...

5.4CVSS6.2AI score
Exploits0References1
Prion
Prion
added 2023/04/28 2:15 p.m.12 views

Cross site scripting

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting XSS in the Member Center, Account Settings...

4.9CVSS5.2AI score0.00394EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.6 views

PT-2023-22546 · Wuzhicms · Wuzhi Cms

Name of the Vulnerable Software and Affected Versions: wuzhicms version 4.1.0 Description: The issue is related to Cross Site Scripting XSS in the Member Center, Account Settings. Recommendations: For wuzhicms version 4.1.0, as a temporary workaround, consider restricting access to the Member...

5.4CVSS6.2AI score0.00394EPSS
Exploits1References7
Rows per page
Query Builder