Lucene search
K

62 matches found

OSV
OSV
added 2026/05/15 9:31 p.m.13 views

GHSA-W9MJ-GFRM-HJ5X Duplicate Advisory: phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hpgw-ww76-c68r. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in...

7.1CVSS5.6AI score0.00303EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 7:17 p.m.22 views

CVE-2026-46362

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

7.1CVSS0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 6:36 p.m.11 views

EUVD-2026-30599

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

6.5CVSS5.9AI score0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 6:36 p.m.4 views

CVE-2026-46362 phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

7.1CVSS6.1AI score0.00303EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.6 views

CVE-2026-7635

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...

8.1CVSS5.8AI score0.00481EPSS
Exploits0References13
EUVD
EUVD
added 2026/04/21 7:14 p.m.11 views

EUVD-2026-24254

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2026/04/16 9:17 p.m.2 views

CVE-2026-34164 Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...

4.9CVSS5.9AI score0.00366EPSS
Exploits0References7
CVE
CVE
added 2026/03/25 11:53 p.m.12 views

CVE-2026-34056

OpenEMR (up to version 8.0.0.3) contains a Broken Access Control vulnerability that lets low-privilege users view and download Ensora eRx error logs without proper authorization, exposing sensitive information and potentially enabling misuse. Available public details do not indicate a patch as of...

7.7CVSS5.8AI score0.00271EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/02/18 7:21 p.m.12 views

CVE-2025-70064

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user Patient can directly access the Administrator Dashboard and all sub-modules e.g., User Logs, Doctor Management by manually browsing to the /admin/ directory after authentication. This...

8.8CVSS0.00476EPSS
Exploits1References2
OSV
OSV
added 2025/11/18 3:16 p.m.11 views

CVE-2025-59115

Windu CMS is vulnerable to Stored Cross-Site Scripting XSS in the logon page where input data has no proper validation. Malicious attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting logs page by admin. Only version 4.1 was tested and confirmed as...

5.4CVSS5.8AI score0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/18 1:26 p.m.13 views

CVE-2025-59115 Stored XSS in Windu CMS

Windu CMS is vulnerable to Stored Cross-Site Scripting XSS in the logon page where input data has no proper validation. Malicious attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting logs page by admin. Only version 4.1 was tested and confirmed as...

5.3CVSS0.00148EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/18 1:26 p.m.2 views

CVE-2025-59115 Stored XSS in Windu CMS

Windu CMS is vulnerable to Stored Cross-Site Scripting XSS in the logon page where input data has no proper validation. Malicious attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting logs page by admin. Only version 4.1 was tested and confirmed as...

5.3CVSS5AI score0.00154EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/24 3:31 p.m.24 views

EUVD-2025-35851

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

6.1CVSS6.2AI score0.00178EPSS
Exploits1References2
NVD
NVD
added 2025/10/24 3:15 p.m.8 views

CVE-2025-60936

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

6.1CVSS0.00178EPSS
Exploits1References1
OSV
OSV
added 2025/10/24 12:0 a.m.6 views

CVE-2025-60936

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

6.1CVSS6.7AI score0.00178EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17122

Malware in sbrugna...

6.1CVSS6.3AI score0.00989EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-3445

Malware in sbrugna...

8.8CVSS8.8AI score0.01054EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-40915

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00473EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-43444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match...

8.2CVSS7AI score0.00376EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/02 12:0 a.m.7 views

Juzaweb CMS 安全漏洞

Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions, which stems from improper access control in the file /admin-cp/logs/email...

5.3CVSS4.8AI score0.00384EPSS
Exploits1References5
Rows per page
Query Builder