1124 matches found

Nuclei
added 2 hours ago | 34 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

CVSS 8.1 | AI score 7.2 | EPSS 0.02837
Exploits: 0 | References: 5

Nuclei
added 2 hours ago | 13 views

Oracle iPlanet Web Server 7.0.x - Image Injection

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...

CVSS 7.5 | AI score 6.5 | EPSS 0.81814
Exploits: 0 | References: 3

Nuclei
added 2 hours ago | 7 views

MajorDoMo - Unauthenticated RCE

MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...

CVSS 9.8 | AI score 6.8 | EPSS 0.06996
Exploits: 4 | References: 4

Cvelist
added 2 days ago | 31 views

CVE-2026-11594 IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...

CVSS 8.5 | EPSS 0.00281
Exploits: 0 | References: 1

NVD
added 2 days ago | 5 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

CVSS 9.3 | EPSS 0.00217
Exploits: 0 | References: 1

NVD
added 2 days ago | 5 views

CVE-2026-11595

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

CVSS 4.3 | EPSS 0.00272
Exploits: 0 | References: 1

CVE
added 2 days ago | 6 views

CVE-2026-11595

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

CVSS 4.3 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 1

CVE
added 2 days ago | 11 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

CVSS 9.3 | AI score 5.6 | EPSS 0.00217
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 29 views

CVE-2026-11708 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

CVSS 9.3 | EPSS 0.00217
Exploits: 0 | References: 1

CVE
added 2 days ago | 9 views

CVE-2026-11712

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

CVSS 9.3 | AI score 5.6 | EPSS 0.00217
Exploits: 0 | References: 1

EUVD
added 2026/06/23 4:14 p.m. | 4 views

EUVD-2026-38509

Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...

CVSS 4.3 | AI score 5.8 | EPSS 0.0031
Exploits: 1 | References: 1

IBM Security Bulletins
added 2026/06/23 2:45 p.m. | 19 views

Security Bulletin: IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)

Summary IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details CVEID:CVE-2026-11594 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative...

CVSS 8.5 | AI score 5.7 | EPSS 0.00281
Exploits: 0 | Affected Software: 1

NVD
added 2026/06/08 5:16 p.m. | 10 views

CVE-2026-25555

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

CVSS 9.8 | EPSS 0.01509
Exploits: 0 | References: 2

RedhatCVE
added 2026/06/05 7:51 p.m. | 11 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

CVSS 7.2 | AI score 6 | EPSS 0.00461
Exploits: 0 | References: 1

GithubExploit
added 2026/05/27 7:37 a.m. | 129 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

LAB 2 - CVE-2017-10271: WebLogic XMLDecoder Deserialization Wr...

CVSS 7.5 | AI score 8.2 | EPSS 0.99993
Exploits: 45

GithubExploit
added 2026/05/20 9:31 p.m. | 111 views

Exploit for CVE-2026-2587

CVE-2026-2587 — GlassFish EL Injection RCE...

CVSS 9.6 | AI score 6.1 | EPSS 0.00628
Exploits: 2

Snyk
added 2026/05/20 3:35 p.m. | 10 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') in the admin console endpoints such as /web/configuration/virtualServerEdit.jsf. An attacker can execute arbitrary syst...

CVSS 9.1 | AI score 6 | EPSS 0.00819
Exploits: 1 | References: 3

OSV
added 2026/05/19 3:31 p.m. | 7 views

GHSA-96V6-HQ43-X9H4 GlassFish's Administration Console is Vulnerable to RCE

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

CVSS 9.1 | AI score 6.1 | EPSS 0.00819
Exploits: 1 | References: 4

EUVD
added 2026/05/13 12:48 a.m. | 11 views

EUVD-2026-29878

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

AI score 6.1 | EPSS 0.00461
Exploits: 0 | References: 2

EUVD
added 2026/05/13 12:48 a.m. | 12 views

EUVD-2026-29879

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

AI score 6 | EPSS 0.00457
Exploits: 0 | References: 2