CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

CVE-2026-12986

Technical details are not publicly available in the provided documents. Monitor for updates.

EUVD-2026-38793

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

org.glassfish.main.admingui:admingui (>=7.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=7.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=4.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =4.0.0, =7.0.0, =7.0.0, =7.0.16, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: SNYK:JAVA-ORGGLASSFISHJSFTEMPLATING-167906...

org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: OSV:GHSA-29WV-CV7P-XJC2https://vulners.c...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=8.0.1), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=8.0.1) +15 more potentially affected by CVE-2026-2586 via org.glassfish.main.admingui:console-common (>=3.1.2 <=8.0.1)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =8.0.1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4...

CVE-2025-64328 FreePBX Administration GUI is Vulnerable to Authenticated Command Injection

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...

PT-2025-44300

Name of the Vulnerable Software and Affected Versions Blu-Castle BCUM221E version 1.0.0P220507 Description A Cross-Site Request Forgery CSRF issue exists in the administrative web GUI. This can be exploited through various methods, including a crafted URL, loading an image, or using an...

CVE-2024-45161

A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...

EUVD-2020-0419

Malware in sbrugna...

Malicious code in dct-admin-gui (npm)

The package dct-admin-gui was found to contain malicious code...

MAL-2025-18108 Malicious code in dct-admin-gui (npm)

The package dct-admin-gui was found to contain malicious code...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=9.0.0-M2), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2) +16 more potentially affected by CVE-2024-9408 via org.glassfish.main.admingui:console-common (>=3.1.2 <=9.0.0-M2)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =9.0.0-M2 and more Source cves: CVE-2024-9408 Source advisory:...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=9.0.0-M2), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2) +16 more potentially affected by CVE-2024-10029 via org.glassfish.main.admingui:console-common (>=3.1.2 <=9.0.0-M2)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =9.0.0-M2 and more Source cves: CVE-2024-10029 Source advisory:...

org.glassfish.main.distributions:glassfish (>=4.0 <=4.0-b90), org.glassfish.main.distributions:web (>=4.0 <=4.0-b90) +4 more potentially affected by CVE-2024-10032 via org.glassfish.main.admingui:console-cluster-plugin (>=4.0 <=9.0.0-M2)

org.glassfish.main.admingui:console-cluster-plugin MAVEN version =4.0, =4.0, =4.0, =6.2.5, =4.1, =4.1, =4.0, =5.0 Source cves: CVE-2024-10032 Source advisory: SNYK:JAVA-ORGGLASSFISHMAINADMINGUI-10946489...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=7.0.25), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=7.0.25) +15 more potentially affected by CVE-2024-9342 via org.glassfish.main.admingui:console-common (>=3.1.2 <=7.0.25)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =7.0.25 and more Source cves: CVE-2024-9342 Source advisory: OSV:GHSA-99F7-HP6J-V6Q4...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=7.0.25), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=7.0.25) +15 more potentially affected by CVE-2024-10031 via org.glassfish.main.admingui:console-common (>=3.1.2 <=7.0.25)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =7.0.25 and more Source cves: CVE-2024-10031 Source advisory: OSV:GHSA-HP97-5X6G-Q538...

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=7.0.25), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=7.0.25) +15 more potentially affected by CVE-2024-10029 via org.glassfish.main.admingui:console-common (>=3.1.2 <=7.0.25)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =7.0.25 and more Source cves: CVE-2024-10029 Source advisory: OSV:GHSA-VQRM-83G6-PFV4...

Unable to access NetScaler via SSH. SSH daemon process not running or able to start.

Device not accessible via SSH. Admin GUI actions that require SSH i.e. Generate Tech Support Bundle, Ping, simulated CLI do not work, shows error ""errorcode":"2138","message":"Not authorized to execute this command","severity":"ERROR"" Unable to access device via SCP. sshd process not running an...