Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

341 matches found

RedhatCVE
RedhatCVEadded 2025/05/22 3:10 p.m.7 views

CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

6.5CVSS6.7AI score0.93434EPSS
Exploits5
Vulnrichment
Vulnrichmentadded 2025/05/13 9:17 a.m.12 views

CVE-2025-4646 A high privilege user is able to create and use a valid admin API token in centreon-web

Incorrect Authorization vulnerability in Centreon web API Token creation form modules allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4...

7.2CVSS6.3AI score0.00252EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/05/13 12:0 a.m.8 views

CVE-2025-28057

owl-admin v3.2.2 to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/adminmenus/saveorder...

0.00251EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2025/04/26 6:13 a.m.8 views

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

6.1CVSS6.1AI score0.04549EPSS
Exploits0References1
OSV
OSVadded 2025/04/18 6:15 p.m.6 views

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

6.1CVSS6.1AI score0.04549EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/04/18 12:0 a.m.6 views

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

6AI score0.04549EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/04/18 12:0 a.m.10 views

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

0.04549EPSS
Exploits0References2
OSV
OSVadded 2025/03/10 8:41 p.m.7 views

GO-2025-3499 IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations in github.com/zitadel/zitadel

IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

9CVSS9AI score0.00373EPSS
Exploits0References12
Veracode
Veracodeadded 2025/03/10 8:21 a.m.8 views

Insecure Direct Object Reference (IDOR)

github.com/zitadel/zitadel is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control in the Admin API, allowing authenticated users without specific IAM roles to modify sensitive settings...

9CVSS6.7AI score0.00373EPSS
Exploits0References17Affected Software1
Github Security Blog
Github Security Blogadded 2025/03/04 4:43 p.m.26 views

IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations

Summary ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP...

9CVSS7.1AI score0.00373EPSS
Exploits0References14Affected Software2
OSV
OSVadded 2025/03/04 4:43 p.m.8 views

GHSA-F3GH-529W-V32X IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations

Summary ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP...

9CVSS6.9AI score0.00373EPSS
Exploits0References14
Vulnrichment
Vulnrichmentadded 2025/03/04 4:43 p.m.8 views

CVE-2025-27507 IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...

9CVSS6.9AI score0.00373EPSS
Exploits0References2
CVE
CVEadded 2025/03/04 4:43 p.m.164 views

CVE-2025-27507

Summary: CVE-2025-27507 concerns IDOR flaws in Zitadel’s Admin API that authenticated users (without specific IAM roles) can exploit to modify sensitive settings, with the most critical impact on LDAP configurations. The vulnerability enables manipulation of LDAP-related endpoints (notably /idps/...

9CVSS9.3AI score0.00373EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2025/03/04 4:43 p.m.22 views

CVE-2025-27507 IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...

9CVSS0.00373EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/03/04 12:0 a.m.8 views

PT-2025-9686 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.71.0 Zitadel versions prior to 2.70.1 Zitadel versions prior to 2.69.4 Zitadel versions prior to 2.68.4 Zitadel versions prior to 2.67.8 Zitadel versions prior to 2.66.11 Zitadel versions prior to 2.65.6 Zitadel...

9.9CVSS7.4AI score0.93874EPSS
Exploits19References61
RedhatCVE
RedhatCVEadded 2025/02/13 11:47 p.m.7 views

CVE-2024-35557

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/vpsApideal.php?mudi=rev=close...

5.5CVSS7.5AI score0.00135EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2025/02/05 2:13 p.m.10 views

CVE-2020-11012

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has bee...

9.3CVSS7AI score0.00133EPSS
Exploits0References1
NVD
NVDadded 2024/10/09 7:15 p.m.15 views

CVE-2024-3656

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

8.1CVSS0.89656EPSS
Exploits0References8
Cvelist
Cvelistadded 2024/10/09 6:59 p.m.222 views

CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

8.1CVSS0.89656EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2024/10/09 6:25 p.m.21 views

CVE-2024-3656

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. Mitigation Mitigation...

8.1CVSS7.8AI score0.89656EPSS
Exploits0References4
Rows per page
Query Builder