344 matches found
EUVD-2026-40299
A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...
CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions
A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...
CVE-2026-14209
A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...
CVE-2026-11986
CVE-2026-11986 involves the Keycloak admin-ui-ext component. The root cause is that certain bulk role-removal endpoints do not perform granular permission checks when deleting role mappings, enabling a delegated administrator with limited permissions to remove highly privileged roles from other u...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Cross-site scripting (XSS) vulnerability due to Apache Solr
Summary Admin UI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the Solr administrative web interface. CVE-2015-8797. Vulnerability Details CVEID:CVE-2015-8797 DESCRIPTION: Cross-site scripting XSS vulnerability in webapp/web/js/scripts/plugins.js in the stats page i...
CVE-2026-34164
Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...
EUVD-2026-8597
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering...
CVE-2026-22568
Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...
CVE-2026-22567
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...
CVE-2026-22567
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...
CVE-2026-22567 ZIA Admin UI Input Validation Bug
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...
CVE-2026-22567 ZIA Admin UI Input Validation Bug
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...
PT-2026-21526
Name of the Vulnerable Software and Affected Versions Zscaler Internet Access versions affected versions not specified Description An issue exists in the ZIA Admin UI where improper validation of user-supplied input can allow an authenticated administrator to initiate backend functions through...
Malicious code in epic-admin-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53764f149897a5c5d4373d2f217da3994123f2664db8150cfcf37b474ee632db The package epic-admin-ui was found to contain malicious code. Source: ghsa-malware 34cc1c893e75c3b3e5849e74fed6d7f75ce784c9e933d878d93e773fae313305...
MAL-2026-679 Malicious code in epic-admin-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53764f149897a5c5d4373d2f217da3994123f2664db8150cfcf37b474ee632db The package epic-admin-ui was found to contain malicious code. Source: ghsa-malware 34cc1c893e75c3b3e5849e74fed6d7f75ce784c9e933d878d93e773fae313305...
CVE-2026-24346
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...
CVE-2026-24348
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users...
CVE-2026-24348
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users...
CVE-2026-24345
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI...
CVE-2026-24345
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI...