Lucene search
K

1134 matches found

OSV
OSV
added 2026/05/09 1:16 a.m.11 views

UBUNTU-CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References3
CVE
CVE
added 2026/05/09 12:43 a.m.28 views

CVE-2026-6667

PgBouncer (pre-1.25.2) contains an authorization flaw in the KILL_CLIENT admin command: any user with access to the administration console could execute the command, instead of restricting it to admins listed in admin_users. This could allow unauthorized clients to be killed. Remediation: upgrade...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/09 12:43 a.m.22 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/09 12:43 a.m.7 views

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/09 12:43 a.m.34 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/09 12:43 a.m.5 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/09 12:43 a.m.42 views

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.17 views

PT-2026-39229

Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description An improper authorization check exists for the 'KILL CLIENT' admin command. Any user with access to the administration console can execute this command, whereas it should be restricted exclusively...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/24 3:48 p.m.4 views

CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References5
OSV
OSV
added 2026/04/24 12:30 p.m.6 views

GHSA-MR6M-XJ7V-3CV3 Apache ActiveMQ Vulnerable to Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.4AI score0.0098EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/24 10:16 a.m.4 views

CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

6.5AI score0.0098EPSS
Exploits0References2Affected Software3
Debian CVE
Debian CVE
added 2026/04/24 10:16 a.m.18 views

CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.6AI score0.0098EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.15 views

PT-2026-34865

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache ActiveMQ All versions 6.0.0 through 6.2.4 Apache ActiveMQ versions prior to 5.19.6 Apache...

8.8CVSS6.5AI score0.04783EPSS
Exploits13References41
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.12 views

PT-2026-34867

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.6 Apache ActiveMQ versions 6.0.0 through 6.2.4 Apache ActiveMQ Broker versions prior to 5.19.6 Apache ActiveMQ Broker versions 6.0.0 through 6.2.4 Apache ActiveMQ All versions prior to 5.19.6 Apache...

9CVSS6.1AI score0.0098EPSS
Exploits0References38
NVD
NVD
added 2026/04/06 6:16 p.m.5 views

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS0.00559EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 5:50 p.m.11 views

EUVD-2026-19422

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References1
OSV
OSV
added 2026/04/06 5:50 p.m.4 views

CVE-2026-35174 Chyrp Lite has a Path Traversal to Remote Code Execution

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.3AI score0.00559EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.7 views

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

9.8CVSS6.9AI score0.06996EPSS
Exploits4References1
Cvelist
Cvelist
added 2026/02/18 9:10 p.m.34 views

CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

9.8CVSS0.06996EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2026/02/18 9:10 p.m.2 views

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

9.8CVSS6.7AI score0.06996EPSS
Exploits4References5
Rows per page
Query Builder