Lucene search
K

7622 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-2586

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

9.1CVSS6AI score0.00819EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-46824

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

9.9CVSS5.5AI score0.00264EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 7:45 a.m.7 views

Insufficient Granularity of Access Control

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the getMembers methods that serve the group members endpoint. A...

5.1CVSS5.4AI score0.00348EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 10:16 a.m.11 views

CVE-2026-50224

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 9:26 a.m.24 views

CVE-2026-50224

CVE-2026-50224 describes that the web administration panel binds broadly to the public IPv6 space on port [::]:8080 with no default firewall limits, making internal API endpoints reachable over the WAN. The NVD entry cites a network attack vector with low exploit complexity and no user interactio...

6.9CVSS5.8AI score0.00234EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/04 9:26 a.m.42 views

CVE-2026-50224 Unauthenticated IPv6 WAN Management Exposure

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.24 views

PT-2026-46890

Summary This is a vertical authorization bypass in the Admin API affecting order state transition features /api/ action/order/orderId/state/transition and similar transaction/delivery transition routes. The root cause is that the transition action routes do not declare required server-side ACL...

6.5CVSS5.9AI score0.00041EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46176

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The web administration panel binds broadly to the public IPv6 address space on port ':::8080' without default firewall limits. This configuration allows internal...

6.9CVSS5.3AI score0.00234EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.10 views

CVE-2026-36608

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...

5.8AI score0.00181EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.17 views

WebADM Security Auditor and Content Exposure Scanner

This Python script is a defensive security auditing tool designed to analyze a target web application for potential information exposure and security misconfigurations, specifically focusing on environments resembling WebADM. This was tested on version 2.4.17-1...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.16 views

CVE-2026-10171

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public a...

5.8CVSS5.7AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 9:57 p.m.7 views

GHSA-RWJR-QJJ3-MQ2F Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`

Summary modules/categories.php checks that the supplied type parameter ANN, EVT, ROL, USF, … corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares $getType a category-type code against mode nam...

6.5CVSS5.9AI score0.00029EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2026/05/29 8:53 p.m.30 views

The White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US Citizens

The website, which compares human beings to extraterrestrials, touts arrest numbers from the Trump administration’s sweeping immigration crackdown. But some of its details are really out there...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:25 p.m.8 views

CVE-2026-5386

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...

9.1CVSS5.8AI score0.00624EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/05/29 2:16 p.m.18 views

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

8.8CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 12:16 p.m.22 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00882EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 12:16 p.m.17 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS0.00882EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2026/05/29 11:2 a.m.14 views

Chilling Effects

Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular Trump administration, college campus protests nationwide have gone silent. And at many schools, student activism is virtually nonexistent...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/29 10:49 a.m.11 views

EUVD-2025-209988

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

8.8CVSS6AI score0.00437EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 10:48 a.m.35 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS0.00882EPSS
Exploits0References1
Rows per page
Query Builder