Lucene search
K

7 matches found

Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 7:17 p.m.17 views

CVE-2026-45009

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.34 views

CVE-2026-45009 phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

5.3CVSS0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.10 views

PT-2026-41356

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 11:16 p.m.7 views

CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS0.01157EPSS
Exploits3References8
Vulnrichment
Vulnrichment
added 2026/02/27 10:11 p.m.6 views

CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS5.9AI score0.01157EPSS
Exploits3References8
OSV
OSV
added 2026/02/27 10:11 p.m.5 views

CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS7.1AI score0.01157EPSS
Exploits3References11
Rows per page
Query Builder