Admin Security Vulnerabilities

CVE-2023-46722
CVSS 6.1 | AI Score 6.1 | EPSS 0.001 | Published 2023-10-31 04:15 PM
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites...

CVE-2023-5844
CVSS 7.2 | AI Score 5.5 | EPSS 0.001 | Published 2023-10-30 11:15 AM
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to...

CVE-2023-46754
CVSS 5.3 | AI Score 5.4 | EPSS 0.0005 | Published 2023-10-26 05:15 AM
The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical...

CVE-2023-40852
CVSS 9.8 | AI Score 9.3 | EPSS 0.001 | Published 2023-10-16 09:15 PM
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via a crafted string in the admin user name field on the admin log in...

CVE-2023-40851
CVSS 5.4 | AI Score 5.3 | EPSS 0.0005 | Published 2023-10-16 09:15 PM
Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via the fname, lname, email, and contact fields of the user registration...

CVE-2023-41672
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | Published 2023-10-09 07:15 PM
Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2...

CVE-2023-4737
CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | Published 2023-09-27 03:19 PM
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before...

CVE-2023-42817
CVSS 5.4 | AI Score 5.3 | EPSS 0.0004 | Published 2023-09-25 07:15 PM
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. A translation value whose text includes "%s" (from "%suggest%") is parsed by sprintf() even though it is supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall...

CVE-2023-43270
CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | Published 2023-09-22 07:15 PM
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at...

CVE-2023-42280
CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | Published 2023-09-21 07:15 PM
mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file...

CVE-2023-40329
CVSS 5.9 | AI Score 4.9 | EPSS 0.0004 | Published 2023-09-06 09:15 AM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page | WPZest plugin <= 1.2.0...

CVE-2023-28801
CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | Published 2023-08-31 02:15 PM
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation. This issue affects Admin UI: from 6.2 before...

CVE-2023-33929
CVSS 5.9 | AI Score 4.8 | EPSS 0.0004 | Published 2023-08-30 01:15 PM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3...

CVE-2023-3604
CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | Published 2023-08-21 05:15 PM
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection...

CVE-2023-30782
CVSS 7.1 | AI Score 5.9 | EPSS 0.0005 | Published 2023-08-16 10:15 AM
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5...

CVE-2021-29378
CVSS 8.8 | AI Score 9.2 | EPSS 0.001 | Published 2023-08-11 02:15 PM
SQL Injection in pear-admin-think version 2.1.2 allows attackers to execute arbitrary code and escalate privileges via a crafted GET request to...

CVE-2023-38286
CVSS 7.5 | AI Score 7.8 | EPSS 0.001 | Published 2023-07-14 05:15 AM
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and...

CVE-2023-37280
CVSS 6.1 | AI Score 6.6 | EPSS 0.001 | Published 2023-07-11 07:15 PM
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not set up two factor authentication before is vulnerable to this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...

CVE-2023-29347
CVSS 8.7 | AI Score 7.1 | EPSS 0.001 | Published 2023-07-11 06:15 PM
Windows Admin Center Spoofing...

CVE-2023-27225
CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | Published 2023-07-06 02:15 AM
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name...

CVE-2023-3139
CVSS 6.1 | AI Score 6.7 | EPSS 0.001 | Published 2023-07-04 08:15 AM
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection...

CVE-2023-34648
CVSS 6.1 | AI Score 6.2 | EPSS 0.0005 | Published 2023-06-29 03:15 AM
A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the...

CVE-2023-34021
CVSS 7.1 | AI Score 6 | EPSS 0.0005 | Published 2023-06-23 12:15 PM
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29...

CVE-2023-24420
CVSS 7.1 | AI Score 6 | EPSS 0.0005 | Published 2023-06-15 02:15 PM
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin <= 1.1.1...

CVE-2021-4360
CVSS 9.9 | AI Score 8.4 | EPSS 0.001 | Published 2023-06-07 02:15 AM
The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted...

CVE-2023-33736
CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | Published 2023-05-31 01:15 PM
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL...

CVE-2023-24007
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | Published 2023-05-26 12:15 PM
Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4...

CVE-2023-30417
CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | Published 2023-04-25 01:15 PM
A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private...

CVE-2023-23994
CVSS 5.9 | AI Score 4.8 | EPSS 0.0005 | Published 2023-04-07 12:15 PM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1...

CVE-2023-28596
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004 | Published 2023-03-27 09:15 PM
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to...

CVE-2023-23721
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | Published 2023-03-20 12:15 PM
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50...

CVE-2023-22883
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004 | Published 2023-03-16 09:15 PM
Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM...

CVE-2023-24249
CVSS 7.2 | AI Score 7.2 | EPSS 0.002 | Published 2023-02-27 07:15 PM
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP...

CVE-2023-25572
CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | Published 2023-02-13 09:15 PM
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and...

CVE-2023-25717
CVSS 9.8 | AI Score 9.7 | EPSS 0.957 | Published 2023-02-13 08:15 PM | Exploited in the wild
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl...

CVE-2022-47762
CVSS 7.5 | AI Score 7.4 | EPSS 0.002 | Published 2023-02-03 09:15 PM
In gin-vue-admin < 2.5.5, the download module has a Path Traversal...

CVE-2023-0649
CVSS 7.5 | AI Score 8 | EPSS 0.001 | Published 2023-02-02 03:17 PM
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVE-2023-0648
CVSS 7.5 | AI Score 7.9 | EPSS 0.001 | Published 2023-02-02 03:17 PM
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2023-0647
CVSS 7.5 | AI Score 7.9 | EPSS 0.001 | Published 2023-02-02 03:17 PM
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

CVE-2023-0646
CVSS 7.5 | AI Score 8 | EPSS 0.001 | Published 2023-02-02 03:17 PM
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...

CVE-2022-32747
CVSS 8.1 | AI Score 7.8 | EPSS 0.0004 | Published 2023-01-30 11:15 PM
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...

CVE-2022-32748
CVSS 8.3 | AI Score 8 | EPSS 0.0005 | Published 2023-01-30 11:15 PM
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak, which would give an attacker the ability to log into the configuration tool and compromise...

CVE-2022-4043
CVSS 7.2 | AI Score 7 | EPSS 0.001 | Published 2023-01-09 11:15 PM
The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is...

CVE-2021-4292
CVSS 6.1 | AI Score 6 | EPSS 0.001 | Published 2022-12-27 11:15 PM
A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site...

CVE-2020-36636
CVSS 6.1 | AI Score 6 | EPSS 0.001 | Published 2022-12-27 11:15 PM
A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup...

CVE-2021-4291
CVSS 6.1 | AI Score 6.1 | EPSS 0.001 | Published 2022-12-27 11:15 PM
A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated...

CVE-2022-4604
CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | Published 2022-12-18 11:15 AM
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...

CVE-2022-46166
CVSS 9.8 | AI Score 9.4 | EPSS 0.003 | Published 2022-12-09 09:15 PM
Spring Boot Admin is an open source administrative user interface for management of Spring Boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI, are affected. Users are advised to upgrade to...

CVE-2022-3824
CVSS 4.8 | AI Score 4.7 | EPSS 0.001 | Published 2022-11-28 02:15 PM
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2022-38724
CVSS 5.4 | AI Score 5.4 | EPSS 0.001 | Published 2022-11-23 12:15 AM
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow...

Total number of security vulnerabilities: 234