488 matches found
CVE-2026-2586
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
CVE-2026-2586
CVE-2026-2586: An authenticated RCE in GlassFish Administration Console. A user with console access can send crafted requests to execute arbitrary OS commands with the privileges of the application service user. Affected: GlassFish Admin Console. Impact (per provided metrics): high confidentialit...
CVE-2026-2586
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
CVE-2026-2586
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
EUVD-2026-30939
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
CVE-2026-2586
An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...
PT-2026-41932
Name of the Vulnerable Software and Affected Versions GlassFish affected versions not specified Description An authenticated Remote Code Execution RCE issue exists in the Administration Console. A user with access to the panel can send crafted requests to execute arbitrary operating system comman...
CVE-2026-6667
A flaw was found in PgBouncer. An improper authorization check in the KILLCLIENT administration command allows any user with access to the administration console to terminate client connections. This can lead to a Denial of Service DoS for affected clients, as the system fails to restrict this...
Linux Distros Unpatched Vulnerability : CVE-2026-6667
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console...
CVE-2026-41044
A flaw was found in Apache ActiveMQ. An authenticated attacker can exploit an improper input validation vulnerability in the admin web console to craft a malicious broker name. This malicious name, containing an xbean binding, can be used by a virtual machine VM transport to load a remote Spring...
CVE-2026-0873
The issue concerns Ercom Cryptobox administration console on Cryptobox platforms using administrator segregation by entities. Affected component: the administration console; vulnerability type: privilege escalation where an authenticated entity administrator with sufficient knowledge can elevate ...
CVE-2026-0873 Privilege Elevation in Ercom Cryptobox administration console
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator...
CVE-2026-0873
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator...
CVE-2023-49226
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root...
CVE-2021-28973
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks...
CVE-2021-31225
SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed...
CVE-2020-24054
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments;...
CVE-2025-14266
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console...
EUVD-2025-203894
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console...
CVE-2025-14266 CSRF in Ercom Cryptobox administration console
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console...