1747 matches found
EUVD-2026-4663
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...
PT-2026-4796
Name of the Vulnerable Software and Affected Versions TP-Link Archer MR600 version v5 Description A command injection issue exists in the admin interface component. Authenticated attackers can execute system commands with a limited character length through crafted input in the browser developer...
WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Custom Admin Interface versions = 7.41...
CVE-2021-47905
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...
CVE-2021-47905 MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...
CVE-2021-47905
CVE-2021-47905 concerns the MyBB Delete Account Plugin (v1.4) with a stored/reflected-like cross-site scripting flaw in the account deletion reason input field. The vulnerability allows an attacker to inject malicious scripts that can execute in the admin interface when viewing delete account rea...
CVE-2021-47905 MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...
PT-2026-4518
Name of the Vulnerable Software and Affected Versions MyBB Delete Account Plugin version 1.4 Description The MyBB Delete Account Plugin contains a cross-site scripting issue in the account deletion reason input field. An attacker can inject malicious scripts that will execute in the admin interfa...
GHSA-594W-2FWP-JWRC Keycloak Admin REST API exposes backend schema and rules
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...
CVE-2025-14083 Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...
CVE-2026-23492
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...
GHSA-QVR7-7G55-69XJ Pimcore Has an Incomplete Patch for CVE-2023-30848
Summary An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments -- and catching syntax errors, the fix is insufficient. Attackers can still...
CVE-2026-23492
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...
CVE-2025-71166 Typesetter CMS Reflected XSS via Move Message Handling
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71166
CVE-2025-71166 affects Typesetter CMS versions up to and including 5.1. The vulnerability is a reflected cross-site scripting (XSS) in the administrative interface, specifically in the Tools Status move message handling. The path parameter is reflected into HTML output without proper encoding in ...
CVE-2025-71165 Typesetter CMS Reflected XSS via Status.php
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
EUVD-2026-2449
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...
CVE-2026-23492
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...
CVE-2026-23492 Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...