7 matches found
Concrete CMS Cross-Site Request Forgery Vulnerability
Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgery vulnerability. This vulnerability stems from the function concrete/controllers/backend/file addFavoriteFolder$id, which is vulnerable to cross-sit...
PT-2026-42569
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.x. Description: Cross-Site Request Forgery (CSRF) occurs at the 'concrete/controllers/dialog/page/bulk/design' endpoint. CSRF is a flaw that allows an attacker to induce users to perform actions they do not...
CVE-2026-45385 Open WebUI: An IDOR vulnerability exists in the update_message_by_id API endpoint
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...
LDAP Account Manager Security Vulnerability
LDAP Account Manager (LAM) is an open-source web frontend for managing entries stored in LDAP directories, such as users, groups, and DHCP settings. Prior to version 9.5 of LDAP Account Manager, there was a security vulnerability due to the PDF export component not properly verifying the file...
Parse Server Authorization Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were authorization-related vulnerabilities in versions of Parse Server prior to 8.6.10 and 9.5.0-alpha.11. These vulnerabilities stemmed from the...
Astro Code Issue Vulnerability
Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 9.5.4 had code vulnerabilities. These vulnerabilities stemmed from server-side rendering of pages, where errors were handled through server-side request forgery, potentially allowing attackers t...
acroread: multiple unspecified flaws (APSB12-08, APSB12-01)
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373...