
1746 matches found

Positive Technologies
added 2025/08/31 12:0 a.m., 5 views

PT-2025-35412

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A vulnerability exists in Tenda AC9 version 15.03.05.19 related to hard-coded credentials within the Administrative Interface component. The vulnerability resides in an unknown function of the /etc...

CVSS 7, AI score 3.7, EPSS 0.00131
Exploits 0, References 8
RedhatCVE
added 2025/08/30 6:17 p.m., 6 views

CVE-2025-57819

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issu...

CVSS 10, AI score 7.9, EPSS 0.93286
Exploits 17, References 1
OSV
added 2025/08/28 7:15 p.m., 3 views

CVE-2025-9577

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this...

CVSS 7, AI score 5.1, EPSS 0.00193
Exploits 1, References 6
Positive Technologies
added 2025/08/28 12:0 a.m., 1 views

PT-2025-35125

Name of the Vulnerable Software and Affected Versions: seeedstudio ReSpeaker LinkIt7688 affected versions not specified Description: A vulnerability exists in seeedstudio ReSpeaker LinkIt7688, impacting an unknown function within the Administrative Interface component’s /etc/shadow file. This...

CVSS 7, AI score 3.8, EPSS 0.00195
Exploits 1, References 8
Positive Technologies
added 2025/08/28 12:0 a.m., 4 views

PT-2025-35127

Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R versions through 2.0.0 Description: A security flaw has been discovered that allows for the use of default credentials. The affected element is an unknown function within the /etc/shadow.sample file of the Administrative Interfa...

CVSS 7, AI score 3.9, EPSS 0.00193
Exploits 1, References 10
NVD
added 2025/08/25 2:15 p.m., 4 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

CVSS 7.5, EPSS 0.0038
Exploits 0, References 2
Vulnrichment
added 2025/08/25 12:0 a.m., 3 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

AI score 6.7, EPSS 0.0038
Exploits 0, References 2
OSV
added 2025/08/20 5:15 p.m., 4 views

CVE-2025-50904

There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...

CVSS 9.8, AI score 5.8, EPSS 0.00415
Exploits 1, References 1
Vulnrichment
added 2025/08/20 12:0 a.m., 3 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

AI score 7.9, EPSS 0.03366
Exploits 1, References 2
Cvelist
added 2025/08/20 12:0 a.m., 9 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

EPSS 0.03366
Exploits 1, References 2
Github Security Blog
added 2025/08/19 10:24 p.m., 6 views

Default Credentials in nginx-defender Configuration Files

Impact: This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files (config.yaml, docker-compose.yml) contain default credentials (defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123). If users deploy nginx-defender without changing these...

CVSS 6.5, AI score 6.8, EPSS 0.00223
Exploits 0, References 4, Affected Software 1
OSV
added 2025/08/19 7:15 p.m., 0 views

CVE-2025-31988

HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access...

CVSS 4.8, AI score 5.2, EPSS 0.00224
Exploits 0, References 1
OSV
added 2025/08/14 9:15 a.m., 1 views

CVE-2025-8954

A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8, AI score 5.7, EPSS 0.00384
Exploits 1, References 5
GithubExploit
added 2025/08/08 9:12 p.m., 174 views

Exploit for CVE-2025-8730

CVE-2025-8730 – Authentication Bypass in Belkin F9K1009/F9K10...

CVSS 10, AI score 9.8, EPSS 0.02992
Exploits 2
Cvelist
added 2025/08/07 12:0 a.m., 9 views

CVE-2024-52680

EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn...

EPSS 0.00229
Exploits 1, References 2
BDU FSTEC
added 2025/08/04 12:0 a.m., 7 views

The vulnerability in the FTP-server administrator web interface of Wing allows a hacker to increase their privileges.

The vulnerability in the FTP server administrator’s web interface of Wing is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

CVSS 4.1, AI score 7.5, EPSS 0.03513
Exploits 24, References 4, Affected Software 1
OSV
added 2025/07/25 10:15 p.m., 1 views

CVE-2025-8172

A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

CVSS 8.8, AI score 5.7, EPSS 0.00382
Exploits 0, References 5
CNNVD
added 2025/07/14 12:0 a.m., 1 views

Code-Projects Voting System injection vulnerability

Voting System is an election system. Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements for parameter ID in file /admin/votersedit.php. An attacker can exploit this vulnerability to execute illegal SQL commands...

CVSS 8.8, AI score 7, EPSS 0.00318
Exploits 1, References 5
CNNVD
added 2025/07/12 12:0 a.m., 2 views

PHPGurukul Vehicle Parking Management System injection vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter del in the file /admin/manage-incomingvehicle.php that lacks validation of externally entered SQL statements. An...

CVSS 8.8, AI score 8.1, EPSS 0.00318
Exploits 1, References 6
CNNVD
added 2025/07/07 12:0 a.m., 5 views

CampCodes Advanced Online Voting System injection vulnerability

CampCodes Advanced Online Voting System is an advanced online voting system from CampCodes, Inc. An injection vulnerability exists in CampCodes Advanced Online Voting System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /admin/votersdelete.php, resulting in...

CVSS 8.8, AI score 7.1, EPSS 0.00361
Exploits 1, References 6