CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...

PT-2025-37394

Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A flaw exists in yangzongzhuan RuoYi up to version 4.8.1 related to improper authorization within the Role Handler component. The issue is associated with the /system/role/authUser/cancelA...