CVE-2026-22079

The PT-2026-2147 entry specifies that Tenda 300Mbps Wireless Router F3 and Tenda N300 Easy Setup Router are affected by a flaw where login credentials are transmitted in plaintext during the initial login or after a factory reset via the web-based interface. An attacker on the same network could ...

CVE-2022-38283

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list...

CVE-2022-31492

Cross Site scripting XSS vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroupadminadd.php Username...

CVE-2017-12789

Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...

CVE-2020-10391

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-article.php by adding a question mark ? followed by the payload...

CVE-2020-24740

An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage...

CVE-2024-34241

A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

CVE-2025-63611

Summary: CVE-2025-63611 affects phpgurukul Hostel Management System v2.1. The issue is a stored XSS in the user-provided "Explain the Complaint" field submitted to /register-complaint.php, which is rendered unescaped in the admin view at /admin/complaint-details.php?cid=. When an administrator op...

CVE-2013-7476

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...

CVE-2019-16704

admin/infoclassupdate.php in PHPMyWind 5.6 has stored XSS...

CVE-2019-16997

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/languagegeneral.class.php via the admin/?n=language=languagegeneral=doExportPack appno parameter...

CVE-2019-12353

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dlsendmail.php when the attacker has admin authority via the id parameter...

CVE-2006-3830

The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...

GHSA-VFRF-VCJ7-WVR8 Signal K Server Vulnerable to Access Request Spoofing

The SignalK access request system has two related features that when combined by themselves and with the infromation disclosure vulnerability enable convincing social engineering attacks against administrators. When a device creates an access request, it specifies three fields: clientId,...

PT-2026-4489

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s Network File System daemon nfsd is susceptible to a server crash when attempting to unlock the filesystem through an administrative interface while nfsd is not running...

PT-2026-21774

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.1 Description The local Caddy admin API, listening by default on 127.0.0.1:2019, includes a POST /load endpoint that allows replacing the entire running configuration. When origin enforcement is not enabled enforce...

CVE-2025-63038

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through = 7.40...

CVE-2025-63038 WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through = 7.40...

CVE-2025-63038 WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through = 7.40...