Lucene search
K

5 matches found

OSV
OSV
added 5 days ago3 views

CVE-2026-61450 Grav before 2.0.2 Config Exfiltration via offsetGet Filter

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.12 views

CVE-2026-46362

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 7:17 p.m.22 views

CVE-2026-46362

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

7.1CVSS0.00303EPSS
Exploits0References2
NVD
NVD
added 2020/12/14 8:15 p.m.16 views

CVE-2020-20183

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00ABBX.3 and earlier allows attackers to gain privileges and access certain admin pages...

7.5CVSS7.7AI score0.01003EPSS
Exploits0References1
NVD
NVD
added 2008/07/31 4:41 p.m.17 views

CVE-2008-3407

phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie...

5CVSS7AI score0.03053EPSS
Exploits0References4
Rows per page
Query Builder