CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

302 matches found

ATTACKERKB•added 2026/02/21 11:2 p.m.•4 views

CVE-2026-2894

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...

6.9CVSS5.3AI score0.00051EPSS

Exploits1References5

CNNVD•added 2026/02/21 12:0 a.m.•3 views

FunAdmin 授权问题漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin prior to 7.1.0-rc4 contained authorization-related vulnerabilities. These vulnerabilities stemmed from incorrect handling of the forgetcode/vercode parameters in the...

8.1CVSS5.8AI score0.00128EPSS

Exploits1References5

Positive Technologies•added 2026/02/21 12:0 a.m.•4 views

PT-2026-21398

Name of the Vulnerable Software and Affected Versions funadmin versions up to 7.1.0-rc4 Description A flaw exists in funadmin that could allow information disclosure. This issue is related to the getMember function within the app/frontend/view/login/forget.html file. The attack can be initiated...

6.9CVSS5.5AI score0.00051EPSS

Exploits1References7

CNNVD•added 2026/02/21 12:0 a.m.•5 views

FunAdmin 访问控制错误漏洞

FunAdmin is a lightweight and highly colorful backend development system based on ThinkPHP6+Layui. An access control error vulnerability exists in funadmin. The vulnerability stems from the lack of validation of user privileges in the function getMember in the file...

9.1CVSS6AI score0.00051EPSS

Exploits1References5

Positive Technologies•added 2026/02/21 12:0 a.m.•1 views

PT-2026-21400

Name of the Vulnerable Software and Affected Versions funadmin versions up to 7.1.0-rc4 Description A weakness exists in funadmin that could lead to improper authorization. This is due to a manipulation possible in the setConfig function within the app/backend/controller/Ajax.php file of the...

7.5CVSS6.8AI score0.00046EPSS

Exploits1References14

Positive Technologies•added 2026/02/21 12:0 a.m.•2 views

PT-2026-21399

Name of the Vulnerable Software and Affected Versions funadmin versions through 7.1.0-rc4 Description A security flaw exists in funadmin that allows for weak password recovery. The issue is located in the repass function within the app/frontend/controller/Member.php file. Manipulation of the forg...

6.3CVSS4.6AI score0.00128EPSS

Exploits1References8