1711 matches found
CVE-2026-24431
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...
CVE-2026-24431
The CVE-2026-24431 entry concerns Shenzhen Tenda W30E V2 devices. Concrete details from connected sources show that firmware versions up to and including V16.01.0.19(5037) store user account passwords in plaintext in the administrative web interface, allowing any user with access to affected mana...
EUVD-2026-4663
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...
CVE-2026-24431 Tenda W30E V2 Web UI Reveals Passwords in Cleartext
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...
PT-2026-4796
Name of the Vulnerable Software and Affected Versions: TP-Link Archer MR600 version v5. Description: A command injection issue exists in the admin interface component. Authenticated attackers can execute system commands with a limited character length through crafted input in the browser developer...
WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Custom Admin Interface versions <= 7.41...
CVE-2021-47905
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...
CVE-2021-47905 MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...
CVE-2021-47905
CVE-2021-47905 concerns the MyBB Delete Account Plugin (v1.4) with a stored/reflected-like cross-site scripting flaw in the account deletion reason input field. The vulnerability allows an attacker to inject malicious scripts that can execute in the admin interface when viewing delete account rea...
PT-2026-4518
Name of the Vulnerable Software and Affected Versions: MyBB Delete Account Plugin version 1.4. Description: The MyBB Delete Account Plugin contains a cross-site scripting issue in the account deletion reason input field. An attacker can inject malicious scripts that will execute in the admin interfa...
GHSA-594W-2FWP-JWRC Keycloak Admin REST API exposes backend schema and rules
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...
CVE-2025-14083 Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...
CVE-2026-23492
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...
GHSA-QVR7-7G55-69XJ Pimcore Has an Incomplete Patch for CVE-2023-30848
Summary: An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still...
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71166 Typesetter CMS Reflected XSS via Move Message Handling
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71166
CVE-2025-71166 affects Typesetter CMS versions up to and including 5.1. The vulnerability is a reflected cross-site scripting (XSS) in the administrative interface, specifically in the Tools Status move message handling. The path parameter is reflected into HTML output without proper encoding in ...