CVE-2025-37185

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

CVE-2026-22238

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful...

CVE-2022-50911

...

CVE-2022-50911

...

CVE-2026-0405 Authentication Bypass in NETGEAR Orbi Devices

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin...

PT-2026-2410

Name of the Vulnerable Software and Affected Versions Wing FTP Server versions 4.3.8 and below Description The software contains a remote code execution issue that allows attackers to execute arbitrary PowerShell commands. An attacker can leverage a crafted Lua script payload, base64-encoded with...

PT-2026-2387

Name of the Vulnerable Software and Affected Versions Bitrix24 affected versions not specified Description A logged-in attacker can execute arbitrary system commands through the PHP command line admin interface, leading to remote code execution. The attacker leverages this by sending crafted POST...

PT-2026-2312

Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.10.0 Description PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. A Cross-Site Request Forgery CSRF issue exists in an administrative API endpoint responsible for terminating all...

CVE-2025-15505

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

POC-APISIX-RCE

Apache APISIX - Remote Code Execution Admin API script inject...

CVE-2026-22596 Ghost has SQL Injection in Members Activity Feed

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...

Ghost SQL注入漏洞

Ghost is a hosting service of Ghost open source. An SQL injection vulnerability exists in Ghost versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in the /ghost/api/admin/members/events endpoint that could lead to the execution of arbitrary SQL by a user who has...

CVE-2018-10032

CMS Made Simple aka CMSMS 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1version parameter...

CVE-2018-18270

XSS exists in CMS Made Simple version 2.2.7 via the m1newsurl parameter in an admin/moduleinterface.php "Content--News--Add Article" action...

CVE-2018-18626

An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database=del" sql parameter because delaction in admin/model/database.class.php mishandles this parameter...

CVE-2021-31280

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter...

CVE-2026-22079

The PT-2026-2147 entry specifies that Tenda 300Mbps Wireless Router F3 and Tenda N300 Easy Setup Router are affected by a flaw where login credentials are transmitted in plaintext during the initial login or after a factory reset via the web-based interface. An attacker on the same network could ...

CVE-2022-38283

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list...

CVE-2022-31492

Cross Site scripting XSS vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroupadminadd.php Username...

CVE-2017-12789

Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...