CVE-2026-11860 Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution in Quick.CMS

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

CVE-2026-0856

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVE-2026-0856

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVE-2026-0856

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

EUVD-2026-17743

XenForo before 2.3.9 and before 2.2.18 allows remote code execution RCE by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server...

CVE-2019-25515

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and...

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

CVE-2026-0407

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel...

CVE-2021-33470

COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel...

CVE-2022-42176

In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access...

CVE-2025-67070

A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication MFA mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to th...

PluXml 安全漏洞

PluXml is a free open source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml version 5.8.22, which originates from an attacker with administrator panel access who can inject a malicious PHP webshell into theme...

CVE-2025-64281

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials...

EUVD-2025-131926

An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials...

CentralSquare Community Development 安全漏洞

CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7, which stems from an authentication bypass that could result in unauthorized acces...

CVE-2025-64281

CVE-2025-64281 describes an authentication bypass in CentralSquare Community Development version 19.5.7 that allows attackers to access the admin panel without admin credentials. The connected sources confirm the affected product and version, the issue is labeled as a high-impact vulnerability (C...

PT-2025-44641

Name of the Vulnerable Software and Affected Versions Deep Sea Electronics DSE855 versions 1.1.0 through 1.1.26 Description A flaw exists in access control within the realtime.cgi endpoint of Deep Sea Electronics devices. This allows attackers to access the admin panel and gain complete control o...

CVE-2025-29270

Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...

EUVD-2021-13980

Malware in sbrugna...