Lucene search
K

1133 matches found

Nuclei
Nuclei
added yesterday15 views

Oracle iPlanet Web Server 7.0.x - Image Injection

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...

7.5CVSS6.6AI score0.81814EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday8 views

MajorDoMo - Unauthenticated RCE

MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...

9.8CVSS6.7AI score0.06996EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday153 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

8.1CVSS6.9AI score0.02837EPSS
Exploits0References5
NVD
NVD
added 5 days ago11 views

CVE-2026-43752

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

4.9CVSS0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-43752

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

0.00289EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-43752

The CVE-2026-43752 entry concerns FileMaker Server: an authenticated administrator can upload a malicious file via the Admin Console’s Open Source LLM setup feature to achieve arbitrary code execution on the host. The root cause is the file upload path in the LLM setup flow that allows code execu...

4.9CVSS6.4AI score0.00289EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 (7278590)

The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278590 advisory. - IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS5.9AI score0.00474EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 8:50 p.m.40 views

CVE-2026-11594 IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...

8.5CVSS0.00337EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11595

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

7.5CVSS0.00474EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:50 p.m.15 views

CVE-2026-11595

CVE-2026-11595 affects IBM WebSphere Application Server 9.0 and 8.5. The IBM Security Bulletin describes a path traversal vulnerability in the administrative console’s integrated help system that could allow a remote attacker to obtain sensitive information. Affected products/versions include Web...

7.5CVSS5.8AI score0.00474EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/30 7:47 p.m.25 views

CVE-2026-11708

IBM WebSphere Application Server 9.0 and 8.5 are affected by a cross-site scripting vulnerability in the administrative console's integrated help system (CVE-2026-11708). Root cause described in the IBM bulletin is improper neutralization of input in the help system. Impact per the sources indica...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 7:47 p.m.38 views

CVE-2026-11708 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:47 p.m.7 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 7:45 p.m.41 views

CVE-2026-11712

CVE-2026-11712 affects IBM WebSphere Application Server 9.0 and 8.5, with a cross-site scripting vulnerability in the administrative console help system. IBM security bulletin and multiple sources (IBM pages for WebSphere vulnerabilities) identify CVSS v3.1 base score of 9.3, indicating high impa...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53985

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description The administrative console contains a cross-site scripting XSS flaw, which occurs when an application includes untrusted data in a web page...

8.5CVSS5.9AI score0.00337EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53961

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description A remote attacker could obtain sensitive information from the integrated help system of the administrative console. Recommendations At the...

7.5CVSS6AI score0.00474EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/23 4:14 p.m.4 views

EUVD-2026-38509

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

4.3CVSS5.8AI score0.0031EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 2:45 p.m.28 views

Security Bulletin: IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)

Summary IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details CVEID:CVE-2026-11594 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative...

8.5CVSS5.7AI score0.00337EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/08 5:16 p.m.11 views

CVE-2026-25555

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

9.8CVSS0.01509EPSS
Exploits1References2
Rows per page
Query Builder