343 matches found
CVE-2025-12411
The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
CVE-2023-53690
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...
CVE-2025-46363
Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance, versions 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API, if this REST API is enabled by an Admin user from the UI. A low privileged attacker with remote...
CVE-2025-12251 OpenWGA Admin UI cross site scripting
A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted ear...
CVE-2025-12251
OpenWGA 7.11.12 Build 737 — vulnerability in the Admin UI component enables cross-site scripting. The issue affects the Admin UI function; root cause is a flaw that allows remote execution of scripts. Impact is client-side data integrity/defense separation with potential for arbitrary script exec...
PT-2025-43909
Name of the Vulnerable Software and Affected Versions: OpenWGA version 7.11.12 Build 737. Description: A security issue exists in OpenWGA that allows for cross site scripting. The issue impacts an unknown function within the Admin UI component and can be initiated remotely. The exploit for this issu...
EUVD-2025-34902
ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal...
Cross-site Scripting (XSS)
Overview: ezsystems/ezplatform-admin-ui is a package that is part of the eZ Platform Admin UI Bundle. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the reschedule/cancel-schedule modal in the back office interface. An attacker can execute arbitrary scripts by...
net.optionfactory.keycloak:optionfactory-keycloak-providers (>=8.1 <=8.9), org.keycloak.testframework:keycloak-test-framework-clustering (>=26.3.0 <=26.3.3) +23 more potentially affected by CVE-2025-10044 via org.keycloak:keycloak-admin-ui (>=26.3.0 <=26.3.3)
org.keycloak:keycloak-admin-ui MAVEN version =26.3.0, =8.1, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.3 and more Source cves: CVE-2025-10044 https://vulners.com/c...
com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +29 more potentially affected by CVE-2025-10044 via org.keycloak:keycloak-admin-ui (>=1.0-alpha-1-12062013 <=26.2.5)
org.keycloak:keycloak-admin-ui MAVEN version =1.0-alpha-1-12062013, =2.5.6-24.0, =0.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.2.5 and m...
Brute-Force Attack
ethycafides is vulnerable to brute-force attack. The vulnerability is due to the absence of specific anti-automation controls on the Admin UI login endpoint, which allows an attacker to perform credential testing attacks such as credential stuffing or password spraying to gain unauthorized access...
EUVD-2018-3000
Malware in sbrugna...
EUVD-2020-24090
Malware in sbrugna...
EUVD-2017-16596
Malware in sbrugna...
EUVD-2017-16595
Malware in sbrugna...
EUVD-2020-11490
Malware in sbrugna...
EUVD-2015-7292
Malware in sbrugna...
EUVD-2020-0039
Malware in sbrugna...