Xxhzz

**Name of the Vulnerable Software and Affected Versions** Apache ShenYu version 2.5.0 **Description** The issue is related to Improper Privilege Management in Apache ShenYu, where ShenYu Admin allows low-privilege low-level administrators to create users with higher privileges than their own. **Recommendations** For Apache ShenYu version 2.5.0, upgrade to Apache ShenYu 2.5.1 or apply the provided patch.

**Name of the Vulnerable Software and Affected Versions** 74cmsSE version 3.12.0 **Description** The issue allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. **Recommendations** For 74cmsSE version 3.12.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 74cmsSE version 3.12.0 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Title` field. This is achieved through the `/api/admin/notice/add` API endpoint. **Recommendations** For 74cmsSE version 3.12.0, consider disabling access to the `/api/admin/notice/add` API endpoint until a patch is available to prevent exploitation. Avoid using the `Title` field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 74cmsSE version 3.13.0 **Description** An arbitrary file upload issue in the "/api/admin/upload/attach" API endpoint allows attackers to execute arbitrary code via a crafted PHP file. **Recommendations** For 74cmsSE version 3.13.0, consider disabling the "/api/admin/upload/attach" API endpoint until a patch is available to prevent arbitrary file uploads.