EUVD-2026-36089

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...

GHSA-8QHJ-4F8C-J8QG Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents

Summary The dashboard exposes the cron manual-trigger action as an authenticated GET /api/v1/cron/:id/manual endpoint. Dashboard JWTs are sent in the nz-jwt cookie and configured with SameSite=Lax, which browsers include on top-level cross-site GET navigations. Because this state-changing GET...

CVE-2026-10864

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

CVE-2026-10112

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2026-10112 sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard cross site scripting

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

PT-2026-43610

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-30238

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

EUVD-2026-29982

A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40703

A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40703 BIG-IP Configuration utility CSRF vulnerability

A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

PT-2026-40876

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.7 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description An issue in customizable analytics dashboards allows an authenticated user to execute arbitrary JavaScript in...

F5 BIG-IP 跨站请求伪造漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a cross-site request forgery vulnerability, which originates from the...

PT-2026-40656

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description A cross-site request forgery CSRF issue exists in the dashboard of the BIG-IP Configuration utility. CSRF is a flaw that allows an attacker to induce a user...

CVE-2026-44343 WGDashboard: Critical Vulnerability in 4.3.2

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

EUVD-2026-26498

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

PYSEC-2026-100

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information...

CVE-2026-24178

NVIDIA NVFlare Dashboard (security bulletin for NVIDIA FLARE SDK) lists CVE-2026-24178 as a critical vulnerability in the user management and authentication system. An unauthenticated attacker may bypass authorization via a user-controlled key, with potential impacts including privilege escalatio...

CVE-2026-26460

A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...

Anchorr 安全漏洞

Anchorr is an open-source Discord bot developed by openVESSL that integrates media search and notifications. Versions of Anchorr 1.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from a storage cross-site scripting vulnerability in the Web dashboard user mapping...

parse-hipaa-dashboard (>=1.5.0 <=2.0.5) potentially affected by CVE-2026-27610 via parse-dashboard (>=7.3.0 <=8.5.0)

parse-dashboard NPM version =7.3.0, =1.5.0, =2.0.5 Source cves: CVE-2026-27610 Source advisory: OSV:GHSA-JHP4-JVQ3-W5XR...