Lucene search

6 matches found

ATTACKERKB
added 2026/03/19 10:53 p.m. | 0 views

CVE-2026-32755

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

CVSS 5.7 | AI score 5.8 | EPSS 0.00009
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/03/19 10:53 p.m. | 2 views

CVE-2026-32755 Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and...

CVSS 5.7 | AI score 5.8 | EPSS 0.00009
Exploits: 1 | References: 4

Vulnrichment
added 2025/12/24 12:31 p.m. | 1 views

CVE-2025-68523 WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spiffy Calendar: from n/a through <= 5.0.7...

CVSS 4.3 | AI score 6.6 | EPSS 0.00034
Exploits: 0 | References: 1

Cvelist
added 2025/11/29 3:6 a.m. | 5 views

CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

CVSS 8.7 | EPSS 0.00059
Exploits: 0 | References: 1

CNNVD
added 2025/04/15 12:0 a.m. | 1 views

Demtec Graphytics Code Injection Vulnerability

Demtec Graphytics is an application from Demtec Corporation. A code injection vulnerability exists in Demtec Graphytics version 5.0.7 that stems from improper handling of the description parameter in the /visualization file, which could lead to a cross-site scripting attack...

CVSS 5.1 | AI score 4.8 | EPSS 0.00432
Exploits: 0 | References: 4

OSV
added 2017/10/06 6:29 p.m. | 1 views

CVE-2017-13069

QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 for QTS 4.2.x, 5.0.7 for QTS 4.3.x, and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 1