1134 matches found
UBUNTU-CVE-2026-6667
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...
CVE-2026-6667
PgBouncer (pre-1.25.2) contains an authorization flaw in the KILL_CLIENT admin command: any user with access to the administration console could execute the command, instead of restricting it to admins listed in admin_users. This could allow unauthorized clients to be killed. Remediation: upgrade...
CVE-2026-6667
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...
CVE-2026-6667
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...
CVE-2026-6667
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...
PT-2026-39229
Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description An improper authorization check exists for the 'KILL CLIENT' admin command. Any user with access to the administration console can execute this command, whereas it should be restricted exclusively...
CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE
BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...
GHSA-MR6M-XJ7V-3CV3 Apache ActiveMQ Vulnerable to Code Injection
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...
CVE-2026-41044
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...
CVE-2026-41044
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...
PT-2026-34865
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache ActiveMQ All versions 6.0.0 through 6.2.4 Apache ActiveMQ versions prior to 5.19.6 Apache...
PT-2026-34867
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.6 Apache ActiveMQ versions 6.0.0 through 6.2.4 Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache...
CVE-2026-35174
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...
EUVD-2026-19422
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...
CVE-2026-35174 Chyrp Lite has a Path Traversal to Remote Code Execution
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...
CVE-2026-27174
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-27174
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...