303 matches found
CVE-2026-2894 funadmin forget.html getMember information disclosure
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...
CVE-2026-2894
FunAdmin up to 7.1.0-rc4 is affected by an access-control error in the forget.html getMember function that enables information disclosure. The issue allows remote exploitation with publicly available exploit code. Multiple sources confirm the vulnerability in the same component and version range....
FunAdmin Authorization Issue Vulnerability
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin prior to 7.1.0-rc4 contained authorization-related vulnerabilities. These vulnerabilities stemmed from incorrect handling of the forgetcode/vercode parameters in the...
PT-2026-21399
Name of the Vulnerable Software and Affected Versions: funadmin versions through 7.1.0-rc4. Description: A security flaw exists in funadmin that allows for weak password recovery. The issue is located in the repass function within the app/frontend/controller/Member.php file. Manipulation of the forg...
PT-2026-21400
Name of the Vulnerable Software and Affected Versions: funadmin versions up to 7.1.0-rc4. Description: A weakness exists in funadmin that could lead to improper authorization. This is due to a manipulation possible in the setConfig function within the app/backend/controller/Ajax.php file of the...
FunAdmin Access Control Error Vulnerability
FunAdmin is a lightweight and highly colorful backend development system based on ThinkPHP6+Layui. An access control error vulnerability exists in funadmin. The vulnerability stems from the lack of validation of user privileges in the function getMember in the file...
PT-2026-21398
Name of the Vulnerable Software and Affected Versions: funadmin versions up to 7.1.0-rc4. Description: A flaw exists in funadmin that could allow information disclosure. This issue is related to the getMember function within the app/frontend/view/login/forget.html file. The attack can be initiated...
EUVD-2023-1075
Malicious code in bioql PyPI...
EUVD-2023-1081
Malicious code in bioql PyPI...
EUVD-2023-1052
Malicious code in bioql PyPI...
EUVD-2023-33962
Malicious code in bioql PyPI...
EUVD-2023-1059
Malicious code in bioql PyPI...
EUVD-2023-0922
Malicious code in bioql PyPI...
EUVD-2023-0928
Malicious code in bioql PyPI...
EUVD-2023-1113
Malicious code in bioql PyPI...
EUVD-2023-1705
Malicious code in bioql PyPI...
CVE-2024-48227
Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DoS)...
CVE-2024-48223
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist...
CVE-2024-48225
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile...
CVE-2024-48226
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield...