CVE-2026-44567

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

CVE-2026-27960

OpenCTI suffers a privilege escalation in versions 6.6.0–6.9.12 that allows unauthenticated attackers to query the API as any existing user, including the default admin account. The issue has been fixed in version 6.9.13. As a temporary mitigation, the default admin can be disabled via APP__ADMIN...

CVE-2026-30533

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manageproduct.php file via the "id" parameter...

SourceCodester Online Food Ordering System 安全漏洞

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the improper cleaning of the id parameter in th...

CVE-2019-25404 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admins

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the adminname, name, and surname parameters via...

PT-2026-20561

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. The issue is located in the /admin/manage booking.php file, within an unknown function. Manipulation...

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

CVE-2026-24433

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when administrative users...

CVE-2026-0728

A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/deleteadmin.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The...

CVE-2025-62965

Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through = 2.5.1...

EUVD-2025-35980

Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through = 2.5.1...

CVE-2025-62965

Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through = 2.5.1...

CVE-2025-62965 WordPress Admin Management Xtended plugin <= 2.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through = 2.5.1...

CVE-2025-62965

CVE-2025-62965 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Admin Management Xtended, affecting versions up to and including 2.5.1. The issue arises from ‘incorrectly configured access control security levels’, enabling unauthorized users to exploit pri...

CVE-2025-62965 WordPress Admin Management Xtended plugin <= 2.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through = 2.5.1...

WordPress plugin Admin Management Xtended 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-43837

Name of the Vulnerable Software and Affected Versions Admin Management Xtended versions through 2.5.1 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations Update to a version later than 2.5.1...

WordPress Admin Management Xtended plugin <= 2.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Admin Management Xtended versions = 2.5.1...

EUVD-2018-8922

Malware in sbrugna...

EUVD-2019-19240

Malware in sbrugna...