CVE-2026-8327 Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.
Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the locale/save.php file, which directly concatenated $_POST['flag'] to construct the file path witho...
Yifan YF325 Buffer Error Vulnerability
Yifan YF325 is a wireless router from Yifan. The Yifan YF325 suffers from a buffer overflow vulnerability that stems from a boundary error in the gwcfgcgisetmanagepostdata function malloc function when handling untrusted input. An attacker can exploit this vulnerability to cause a buffer overflow...
CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php...