
10 matches found

CVE
added 2025/07/18 1:48 p.m., 29 views

CVE-2025-7784

CVE-2025-7784 - Keycloak FGAPv2 Privilege Escalation. This entry describes a privilege-escalation vulnerability in Keycloak when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user who holds the manage-users role can elevate themselves to realm-admin due to improper privile...

CVSS 6.5, AI score 6.7, EPSS 0.0009
Exploits: 0, References: 5, Affected Software: 1
RedhatCVE
added 2025/05/23 4:39 a.m., 6 views

CVE-2023-26284

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417...

CVSS 8.8, AI score 6.3, EPSS 0.00509
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 6:31 a.m., 5 views

CVE-2015-2230

Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console...

CVSS 6.1, AI score 6.1, EPSS 0.00215
Exploits: 0, References: 1
Cvelist
added 2025/02/18 5:54 p.m., 8 views

CVE-2024-4028 Keycloak-core: stored XSS in Keycloak when creating items in admin console

A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack...

CVSS 3.8, EPSS 0.00204
Exploits: 0, References: 2
OSV
added 2024/02/17 2:15 a.m., 2 views

CVE-2024-20939

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Admin Console. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technica...

CVSS 4.3, AI score 6.5, EPSS 0.00091
Exploits: 0, References: 1
OSV
added 2021/02/11 8:15 p.m., 19 views

CVE-2021-21025

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful...

CVSS 9.1, AI score 7.5
Exploits: 0, References: 1
OSV
added 2018/07/03 5:29 p.m., 0 views

CVE-2018-11636

Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions...

CVSS 8.8, AI score 5.9, EPSS 0.00204
Exploits: 1, References: 1
OSV
added 2018/01/26 2:29 a.m., 0 views

CVE-2018-1342

A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console...

CVSS 9.8, AI score 5.8, EPSS 0.00411
Exploits: 0, References: 1
Cvelist
added 2017/10/26 5:00 p.m., 23 views

CVE-2017-12158

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...

AI score 5.6, EPSS 0.00668
Exploits: 0, References: 5
ATTACKERKB
added 2015/01/21 6:59 p.m., 1 views

CVE-2015-0396

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console...

CVSS 7.5, AI score 5.5, EPSS 0.00819
Exploits: 0, References: 6