12462 matches found
CVE-2026-31985
CVE-2026-31985 affects the Remote Collector when configuring a Guardian or CMC via n2os-tui. The generated configuration disables TLS certificate verification, with no option to re-enable it, enabling MITM and potentially theft of the sync token, impersonation of the server, injection of spoofed ...
WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. id: CVE-2020-17453 info: name: WSO2 Carbon Management...
WP Query Console <= 1.0 - Remote Code Execution
Improper Control of Generation of Code 'Code Injection' vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console- from n/a through 1.0. id: CVE-2024-50498 info: name: WP Query Console = 1.0 - Remote Code Execution author: s4e-io severity: critical...
Keycloak < 24.0.5 - Broken Access Control
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...
MajorDoMo - Unauthenticated RCE
MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...
NetScaler Console - Sensitive Information Disclosure
Sensitive information disclosure in NetScaler Console id: CVE-2024-6235 info: name: NetScaler Console - Sensitive Information Disclosure author: DhiyaneshDk severity: critical description: | Sensitive information disclosure in NetScaler Console impact: | Attackers can access sensitive information...
Oracle iPlanet Web Server 7.0.x - Image Injection
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...
BIT-ACTIVEMQ-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...
BIT-ACTIVEMQ-2026-49877 Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console
Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...
MinIO Cluster Deployment - Information Disclosure
MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD. An attacker can potentially obtain sensitive...
GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state
Finding Location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71 Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...
IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 (7278590)
The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278590 advisory. - IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...
CVE-2026-11594
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...
CVE-2026-11594
CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...
CVE-2026-11594 IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...
EUVD-2026-40411
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...
CVE-2026-11595
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...
CVE-2026-11708
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...
CVE-2026-11595 IBM WebSphere Application Server is affected by a Path Traversal vulnerability
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...
EUVD-2026-40398
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...