22154 matches found
GHSA-5M2G-4CF6-C3RG funadmin has Incorrect Privilege Assignment in its Configuration Handler
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the setConfig function in the Configuration Handler. An attacker can gain unauthorized access to sensitive information and modify configuration settings by sending crafted requests remotely. Remediatio...
funadmin has Incorrect Privilege Assignment in its Configuration Handler
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
CVE-2026-2896
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
PT-2026-21452
Name of the Vulnerable Software and Affected Versions: Dromara UJCMS version 101.2. Description: A path traversal issue exists in Dromara UJCMS version 101.2. This is due to manipulation of the deleteDirectory function within the WebFileTemplateController.delete file of the Template Handler componen...
PT-2026-21427
Name of the Vulnerable Software and Affected Versions: Zaher1307 tiny web server versions prior to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. Description: A flaw exists in the URL Handler component of Zaher1307 tiny web server. This issue allows for an out-of-bounds write, potentially enabling remote...
dst-admin Security Vulnerability
dst-admin is a web application developed by Qinming99 using the Java language. Versions of dst-admin prior to 1.5.0 contained security vulnerabilities. These vulnerabilities stemmed from incorrect operations on the deleteBackup function in the FileHandler component within the...
PT-2026-21468
Name of the Vulnerable Software and Affected Versions: qinming99 dst-admin versions up to 1.5.0. Description: A flaw exists in qinming99 dst-admin that can lead to a denial of service. This issue is related to the deleteBackup function within the BackupController.java file located in the...
PT-2026-21450
Name of the Vulnerable Software and Affected Versions: rymcu forest versions up to 0.0.5. Description: A cross-site scripting issue exists in rymcu forest. The issue is located in the updateUserInfo function within the src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java file of the...
FunAdmin Authorization Issue Vulnerability
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have authorization-related vulnerabilities. These vulnerabilities stem from incorrect operations on the setConfig function in the component Configuration Handler...
PT-2026-21431
Name of the Vulnerable Software and Affected Versions: rymcu forest versions prior to 0.0.6. Description: A security issue exists in rymcu forest up to version 0.0.5. The XssUtils.replaceHtmlCode function within the src/main/java/com/rymcu/forest/util/XssUtils.java file, part of the Article...
CVE-2026-2896 funadmin Configuration Ajax.php setConfig improper authorization
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
CVE-2026-2896
Funadmin up to 7.1.0-rc4 is affected by CVE-2026-2896 due to a flaw in the setConfig function of app/backend/controller/Ajax.php (Configuration Handler). The issue allows remote manipulation to cause improper authorization. Exploitation is possible over the network with no privileges and no user ...
GHSA-Q2R8-VMQ7-FPX2 MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific fla...
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific fla...
SUSE CVE-2026-2705
A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploi...
CVE-2026-2033
CVE-2026-2033 affects the MLflow Tracking Server artifact handling, exposing a Directory Traversal leading to Remote Code Execution. The flaw is in validating user-supplied artifact paths, allowing an attacker to execute code in the service account context without authentication. Multiple source...
CVE-2026-2033
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific fla...