62 matches found

ATTACKERKB
added 2 days ago · 5 views

CVE-2026-11476

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

6.5 CVSS · 6.1 AI score · 0.00043 EPSS
Exploits: 0 · References: 6

RedhatCVE
added 5 days ago · 5 views

CVE-2026-10254

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

6.9 CVSS · 5.6 AI score · 0.00045 EPSS
Exploits: 0 · References: 1

NVD
added 2026/06/01 1:16 p.m. · 11 views

CVE-2026-10254

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

6.9 CVSS · 0.00045 EPSS
Exploits: 0 · References: 6

EUVD
added 2026/06/01 11:45 a.m. · 9 views

EUVD-2026-33633

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...

6.9 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits: 0 · References: 6

EUVD
added 2026/05/20 1:25 a.m. · 8 views

EUVD-2026-31041

The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2cadmin function, combined with missing inp...

6.1 CVSS · 6 AI score · 0.00028 EPSS
Exploits: 0 · References: 7

RedhatCVE
added 2026/03/26 3:6 p.m. · 1 views

CVE-2026-4013

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file addadmin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

6.5 CVSS · 6.3 AI score · 0.0005 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 10:45 a.m. · 2 views

CVE-2022-0267

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotateaction before using it in a SQL statement via the adrotaterequestaction function available to admins, leading to a SQL injection...

7.2 CVSS · 7.5 AI score · 0.0062 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2026/01/07 9:9 a.m. · 2 views

CVE-2024-2659

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function...

7.2 CVSS · 7.8 AI score · 0.00432 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/12 12:0 a.m. · 3 views

PT-2025-50864

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogallery admin function hooked to admin menu. This makes it possible for authenticated attackers, with...

5.3 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/12/08 6:2 a.m. · 2 views

EUVD-2025-201667

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminrunning.php. Executing manipulation of the argument productimage can lead to unrestricted upload. It is possible to launch the attack remotely...

5.8 CVSS · 6.3 AI score · 0.00065 EPSS
Exploits: 1 · References: 7

RedhatCVE
added 2025/12/03 7:5 p.m. · 4 views

CVE-2025-51682

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...

9.8 CVSS · 7.3 AI score · 0.00083 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2025/12/01 12:0 a.m. · 1 views

CVE-2025-51682

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...

6.9 AI score · 0.00083 EPSS
Exploits: 1 · References: 2

OSV
added 2025/11/24 1:15 a.m. · 2 views

CVE-2025-13576

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...

8.8 CVSS · 5.7 AI score · 0.0004 EPSS
Exploits: 0 · References: 5

GithubExploit
added 2025/10/13 7:41 a.m. · 209 views

Exploit for CVE-2025-11171

CVE-2025-11171: Missing Authentication in Chartify WordPress P...

5.3 CVSS · 7.2 AI score · 0.00342 EPSS
Exploits: 3

Vulnrichment
added 2025/10/08 5:24 a.m. · 5 views

CVE-2025-11171 Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function

The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter,...

5.3 CVSS · 5.8 AI score · 0.00342 EPSS
Exploits: 3 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-8115

Malware in sbrugna...

4.9 CVSS · 5.1 AI score · 0.00296 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-10935

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.00455 EPSS
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-31846

Malicious code in bioql PyPI...

7.2 CVSS · 6.6 AI score · 0.00149 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2025/06/04 12:0 a.m. · 2 views

PT-2025-23770 · D Link · D-Link Dcs-932L

Name of the Vulnerable Software and Affected Versions: D-Link DCS-932L version 2.18.01
Description: A critical issue was found in the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack...

8.8 CVSS · 6.9 AI score · 0.0359 EPSS
Exploits: 1 · References: 13

RedhatCVE
added 2025/05/23 10:42 a.m. · 6 views

CVE-2024-9790

A vulnerability was found in LyLmespage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

7.2 CVSS · 7.2 AI score · 0.00172 EPSS
Exploits: 1 · References: 1