43 matches found
EUVD-2026-9362
Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode...
CVE-2025-59096
The default password for the extended admin user mode in the application U9ExosAdmin.exe "Kaba 9300 Administration" is hard-coded in multiple locations as well as documented in the locally stored user documentation...
CVE-2025-59096
The default password for the extended admin user mode in the application U9ExosAdmin.exe "Kaba 9300 Administration" is hard-coded in multiple locations as well as documented in the locally stored user documentation...
CVE-2025-59096
CVE-2025-59096 describes a weak default password in dormakaba Kaba exos 9300 (U9ExosAdmin.exe, extended admin mode). Root cause: hard-coded default password present in multiple locations and in local user docs. Impact (per provided data): local attacker with HIGH privileges and LOCAL access could...
PT-2026-4746
The default password for the extended admin user mode in the application U9ExosAdmin.exe "Kaba 9300 Administration" is hard-coded in multiple locations as well as documented in the locally stored user documentation...
CVE-2026-23634
Pepr is a Kubernetes type-safe middleware. Prior to version 1.0.5, Pepr defaults to a cluster-admin RBAC configuration, which may grant broader privileges to modules by default. The issue arises from not explicitly enforcing least-privilege guidance for module authors during the initial “getting ...
CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode
Pepr is a type-safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...
CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode
Pepr is a type-safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...
EUVD-2026-2732
Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode...
EUVD-2025-26332
Malicious code in bioql PyPI...
Sports Management System mode.php File SQL Injection Vulnerability
Sports Management System is a sports management system. It suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/mode.php. An attacker can exploit this vulnerability...
CVE-2025-9768
A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely...
CVE-2025-9768
A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely...
CVE-2025-9768
A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely...
CVE-2025-9768 itsourcecode Sports Management System mode.php sql injection
A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely...
PT-2025-35468
Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A vulnerability exists in itsourcecode Sports Management System 1.0. The manipulation of the code argument in the file /Admin/mode.php can lead to SQL injection. The attack can be...
itsourcecode Sports Management System Security Vulnerability
Sports Management System is a sports management system. It suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/mode.php. An attacker can exploit this vulnerability...
CVE-2024-25653
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...
CVE-2019-16767
The admin sys mode is now conditional and dedicated for the special case. By default, since [email protected] no instance container is launched with advanced capabilities not launched as root...
Citrix Virtual Apps and Desktops - Error displayed in WebStudio when publishing DualAdmin App-V app
You try to publish App-V applications from an App-V package while using Dual Admin mode, in which Microsoft Management and Publishing servers are used. When you try to do this from the Applications or Delivery Group node, an error is displayed and the applications are not listed. Example: When you try to perfor...