2874 matches found
CVE-2026-27668
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P All versions V5.8. User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access t...
CVE-2026-42674
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...
WordPress Advanced Access Manager - Path Traversal
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...
Zoho ManageEngine - Access Control Bypass
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...
CVE-2026-42674
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...
CVE-2026-42674 WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...
EUVD-2026-33689
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...
CVE-2026-42674 WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...
CVE-2026-42674
The CVE concerns the WordPress plugin Advanced Access Manager (AAM)
Oracle Access Manager - Remote Code Execution
The Oracle Access Manager portion of Oracle Fusion Middleware component: OpenSSO Agent is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with...
WordPress plugin Advanced Access Manager has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
PT-2026-45461
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...
Zoho ManageEngine - Remote Code Execution
Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...
CVE-2026-27768
SQL Injection affecting the Access Manager role...
CVE-2026-27768
SQL Injection affecting the Access Manager role...
EUVD-2026-31705
SQL Injection affecting the Access Manager role...
CVE-2026-27768
SQL Injection affecting the Access Manager role...
CVE-2026-27768
SQL Injection affecting the Access Manager role...
CVE-2026-27768
CVE-2026-27768 is a SQL Injection vulnerability affecting the Access Manager role. The CVSS 3.1 vector (NETWORK, HIGH complexity, HIGH privileges required, NONE user interaction) yields a base score of 6.6 (MEDIUM). The provided documents do not specify affected products/versions beyond attributi...
CVE-2026-27768
SQL Injection affecting the Access Manager role...