3204 matches found
CVE-2026-8480 Connection possible to the Administration portal with a revoked certificate
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...
CVE-2026-5136 Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...
WeGIA <= 3.6.4 - Remote Code Execution
WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...
ZTE Cable Modem Web Shell
ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to webshellcmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. id: CVE-2014-2321 info: name: ZTE Cable Modem Web Shell author:...
Tattile Camera < 1.181.5 - Default Login
Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...
CData API Server < 23.4.8844 - Path Traversal
A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...
CData Connect < 23.4.8846 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Connect 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31849 info: name: CData Connect 23.4.8846...
TOTOLINK A3002RU 1.0.8 - Information Disclosure
TOTOLINK A3002RU firmware version 1.0.8 contains a vulnerability in which an unauthenticated attacker can obtain the plaintext admin password by making a GET request for password.htm. This allows remote attackers to gain administrative access without credentials. id: CVE-2018-13317 info: name:...
CVE-2025-7958
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...
Zyxel - Authentication Bypass
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
CVE-2026-55611
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...
CVE-2026-35019
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...
CVE-2026-35019 NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...
JetBrains YouTrack < 2024.2.148429 / < 2024.3.148430 / < 2025.1.148120 / < 2025.2.148048 / < 2025.3.148033 / < 2026.1.13757 Authentication Bypass (CVE-2026-50242)
The version of JetBrains YouTrack installed on the remote host is prior to 2024.2.148429, 2024.3.x prior to 2024.3.148430, 2025.1.x prior to 2025.1.148120, 2025.2.x prior to 2025.2.148048, 2025.3.x prior to 2025.3.148033, or 2026.1.x prior to 2026.1.13757. It is, therefore, affected by an...
CVE-2026-50242
In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible...
CVE-2026-50242
JetBrains Hub is affected by an authentication bypass vulnerability in versions listed (before 2026.1.13757; 2025.3.148033; 2025.2.148048; 2025.1.148120; 2024.3.148430; 2024.2.148429). The issue allows bypass via direct database access, leading to administrative access. The CVSS metrics indicate ...
PT-2026-50873
Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...
EUVD-2026-37795
Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...
CVE-2026-11409
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...
CVE-2026-11410
The CVE-2026-11410 entry concerns TL-WR940N v6 (BigPond Cable BPA WAN config) with an authenticated OS command injection caused by improper input sanitization in the configuration module. An administrator can trigger arbitrary command execution with elevated privileges on the device via the BPA W...