Information Exposure
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Information Exposure via the connect process. An attacker can obtain sensitive host filesystem paths and deployment metadata by making authenticated requests as a non-admin client...
@backingman/keycloak (=0.0.0-alpha), @backstage-community/plugin-catalog-backend-module-keycloak (>=3.1.1 <=3.17.2) +86 more potentially affected by CVE-2026-2366 via @keycloak/keycloak-admin-client (>=15.1.0 <=26.5.5)
@keycloak/keycloak-admin-client NPM version =15.1.0, =3.1.1, =0.1.1, =0.1.1, =0.1.1, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-2366 Source advisory: OSV:GHSA-R8JR-WG88-FQ5C...
CVE-2025-12509
On a client with an admin user, a GlobalShipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights...
EUVD-2025-37364
On a client with an admin user, a GlobalShipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights...
Malicious code in mongodb-stitch-core-admin-client (npm)
The package mongodb-stitch-core-admin-client was found to contain malicious code...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions via the Admin.Client.UpdateClientConfig artifact. An attacker can gain elevated privileges and execute arbitrary commands by exploiting insufficient permission checks when collecting artifacts from endpoint...
Velociraptor Security Vulnerability
Velociraptor is a Velocidex open source tool for collecting host-based state information using Velociraptor Query Language (VQL) queries. A security vulnerability exists in Velociraptor that stems from the failure of the Admin.Client.UpdateClientConfig artifact to enforce additional privileges, whi...
CVE-2022-40484
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/clientedit.php...
CVE-2022-30825
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\clientedit.php...
CVE-2011-5098
chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...
CVE-2024-4725
A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientuser. The manipulation of the argument fname leads to cross site scripting. The attack can be launched...
CVE-2022-40402
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/clientassign.php...
Wedding Planner SQL Injection Vulnerability
Wedding Planner is a wedding planner project by pushpam abhishek, designed to give users an easy way to plan their wedding through a web application while using real data. Wedding Planner v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally...
PT-2022-25366 · Unknown · Wedding Planner
Name of the Vulnerable Software and Affected Versions: Wedding Planner version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the booking parameter at the "/admin/client assign.php" API endpoint. Recommendations: For Wedding Planner...
Design/Logic Flaw
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...