
1747 matches found

Positive Technologies
added 2026/02/06 12:0 a.m. | 6 views

PT-2026-6812

Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions prior to 6.2.7. Description: Wing FTP Server versions prior to 6.2.7 have a cross-site request forgery (CSRF) issue in the web administration interface. This allows attackers to delete administrative users by crafting a...

CVSS 5.1 | AI score 5.2 | EPSS 0.0017
Exploits: 1 | References: 6
Positive Technologies
added 2026/02/05 12:0 a.m. | 5 views

PT-2026-6593

Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.57. Description: Axigen Mail Server contains multiple stored Cross-Site Scripting (XSS) issues within the WebAdmin interface. These issues exist in three areas: the log file name parameter on the Local...

AI score 5.5 | EPSS 0.00261
Exploits: 0 | References: 4
RedhatCVE
added 2026/02/04 7:28 p.m. | 3 views

CVE-2026-25011

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface (wp-custom-admin-interface) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...

CVSS 4.3 | AI score 5.3 | EPSS 0.00165
Exploits: 0 | References: 1
Packet Storm
added 2026/02/04 12:0 a.m. | 114 views

📄 Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

CVSS 7.2 | AI score 6.3 | EPSS 0.00454
Exploits: 1
Packet Storm
added 2026/02/04 12:0 a.m. | 149 views

📄 Monstra CMS 3.0.4 Shell Upload

Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. Title: Monstra CMS 3.0.4 shell upload Vulnerability | Author: indoushka |...

AI score 5.4
Exploits: 0
OSV
added 2026/02/03 8:15 p.m. | 4 views

CVE-2026-24434

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

CVSS 6.5 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 2
EUVD
added 2026/02/03 7:13 p.m. | 4 views

EUVD-2026-5154

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

CVSS 5.1 | AI score 5.5 | EPSS 0.00146
Exploits: 0 | References: 2
Snyk
added 2026/02/03 6:35 p.m. | 3 views

Missing Authorization

Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Missing Authorization via the preview endpoints in the admin interface. An attacker can obtain unauthorized preview renderings of pages, snippets, or site settings by...

CVSS 5.1 | AI score 5.6 | EPSS 0.00343
Exploits: 0 | References: 2
vulnersOsv
added 2026/02/03 6:35 p.m. | 3 views

alertwise (=1.0.0), cjkcms-seo (=2.4.0) +19 more potentially affected by CVE-2026-25517 via wagtail (>=6.0.0 <=6.3.1)

wagtail PYPI version =6.0.0, =6.0.0, =2.1.0, =0.1.1, =1.9.0, =2.8.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.2.0 - wagtail-sb-codefield =0.4.0 and more Source cves: CVE-2026-25517 Source advisory: SNYK:PYTHON-WAGTAIL-15189141...

CVSS 5.1 | AI score 6 | EPSS 0.00343
Exploits: 0
CVE
added 2026/02/03 6:6 p.m. | 18 views

CVE-2026-25485

Craft Commerce (for Craft CMS) contains a stored XSS vulnerability in the Shipping Categories fields (Name & Description) in the admin Store Management panel. Affected versions: 4.0.0-RC1 through 4.10.0 and 5.0.0 through 5.5.1. The issue arises from insufficient sanitization before rendering in t...

CVSS 6.2 | AI score 5.4 | EPSS 0.00261
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2026/02/03 3:16 p.m. | 6 views

CVE-2026-25011

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface (wp-custom-admin-interface) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...

CVSS 4.3 | EPSS 0.00165
Exploits: 0 | References: 1
CVE
added 2026/02/03 2:8 p.m. | 10 views

CVE-2026-25011

CVE-2026-25011: The WP Custom Admin Interface plugin (wp-custom-admin-interface) has Missing Authorization (Broken Access Control) affecting versions up to and including 7.41. Root cause: misconfigured access control security levels enabling unauthorized access. Impact: potential privilege-relate...

CVSS 4.3 | AI score 5.3 | EPSS 0.00165
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/03 2:8 p.m. | 2 views

CVE-2026-25011

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface (wp-custom-admin-interface) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...

AI score 5.3 | EPSS 0.00165
Exploits: 0 | References: 2
EUVD
added 2026/02/03 2:8 p.m. | 4 views

EUVD-2026-5296

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface (wp-custom-admin-interface) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...

CVSS 4.3 | AI score 5.3 | EPSS 0.00165
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/03 2:8 p.m. | 2 views

CVE-2026-25011 WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface (wp-custom-admin-interface) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...

CVSS 4.3 | AI score 5.3 | EPSS 0.00165
Exploits: 0 | References: 1
Cvelist
added 2026/02/03 2:8 p.m. | 26 views

CVE-2026-25011 WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface (wp-custom-admin-interface) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...

CVSS 4.3 | EPSS 0.00165
Exploits: 0 | References: 1
Veracode
added 2026/02/03 9:39 a.m. | 7 views

Information Disclosure

Keycloak is vulnerable to sensitive Information Disclosure. The vulnerability is due to insufficient enforcement of User Profile visibility controls in the Admin API, where a limited-privilege administrator can access sensitive custom user attributes via the /unmanagedAttributes endpoint, bypassi...

CVSS 2.7 | AI score 5.5 | EPSS 0.00364
Exploits: 0 | References: 7 | Affected Software: 2
CNNVD
added 2026/02/03 12:0 a.m. | 6 views

WordPress plugin WP Custom Admin Interface security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 4.3 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 1
EUVD
added 2026/02/01 12:15 p.m. | 5 views

EUVD-2021-34755

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

CVSS 8.6 | AI score 6
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/28 5:33 p.m. | 4 views

CVE-2025-57794 Unrestricted File Upload Vulnerability in Explorance Blue

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables...

AI score 6.5 | EPSS 0.00549
Exploits: 0 | References: 4