10 matches found

Github Security Blog
added 2026/05/18 4:34 p.m., 10 views

shopper/framework: Authorization bypass in multiple Livewire admin components

Impact: Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission. Order detail Filament actions (cancel, mark paid, mark complete, capture payment, archive, start processing) were callable with readorders only and di...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00258
Exploits: 0, References: 7, Affected Software: 1
Vulnrichment
added 2026/05/06 6:47 a.m., 8 views

CVE-2026-7841 GV-ASWeb Remote Code Execution (RCE) vulnerability

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00593
Exploits: 0, References: 1
CVE
added 2026/04/07 2:38 p.m., 10 views

CVE-2026-35464

Summary: CVE-2026-35464 affects pyLoad and describes an incomplete fix for CVE-2026-33509, where a non-admin user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store and trigger arbitrary code execution via a crafted pickle payload deserialized during re...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00529
Exploits: 2, References: 4, Affected Software: 1
CNNVD
added 2026/04/07 12:0 a.m., 5 views

pyLoad security vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from the use of incorrect option names in the ADMINONLYCOREOPTIONS authorization set within the setconfigvalue function. As a...

CVSS: 6.8, AI score: 5.8, EPSS: 0.00142
Exploits: 1, References: 1
CNNVD
added 2026/03/16 12:0 a.m., 4 views

SAMSUNG Settings security vulnerability

SAMSUNG Settings is a setting service provided by Samsung Electronics of South Korea. Versions of SAMSUNG Settings prior to SMR Mar-2026 Release 1 contained security vulnerabilities. These vulnerabilities stemmed from improper intent verification by the broadcast receiver, which could allow local...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00082
Exploits: 0, References: 1
Snyk
added 2026/03/11 12:37 a.m., 2 views

Cross-site Scripting (XSS)

Overview: @umbraco-cms/backoffice is a package that contains the types for the Umbraco Backoffice. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the UFM rendering pipeline. An attacker can execute arbitrary scripts in the context of authenticated users by injecti...

CVSS: 8.6, AI score: 5.7, EPSS: 0.0026
Exploits: 0, References: 2
Vulnrichment
added 2025/11/05 7:32 a.m., 3 views

CVE-2025-10622 Foreman: os command injection via ct_location and fcct_location parameters

A flaw was found in the Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...

CVSS: 8, AI score: 6.5, EPSS: 0.00508
Exploits: 0, References: 7
Cvelist
added 2025/06/26 12:0 a.m., 8 views

CVE-2024-52928

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites with previously granted permissions to add new permissions when the user clicks anywhere on the website...

CVSS: 9.6, EPSS: 0.00407
Exploits: 0, References: 2
OSV
added 2023/05/04 9:15 p.m., 3 views

CVE-2023-30399

Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allow attackers to redirect users to a crafted update package link via a man-in-the-middle attack...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00945
Exploits: 1, References: 3
myhack58
added 2016/03/04 12:0 a.m., 70 views

RSA Conference badge scanning application found vulnerable

Recently, security researchers at the BLUE BOX company found that the badge scanning app used at the RSA 2016 conference contains a hard-coded default password. This year, RSA 2016 participants will get a unique surprise: the conference, as many manufacturers offer a Samsung...

AI score: 0.2
Exploits: 0