4969 matches found
Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access
Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account. id: CVE-2021-35336 info: name: Tieline IP Audio Gateway =2.6.4.8 -...
KevinLAB BEMS (Building Energy Management System) - Backdoor Account
KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...
Etherpad Lite <1.6.4 - Admin Authentication Bypass
Etherpad Lite before 1.6.4 is exploitable for admin access. id: CVE-2018-9845 info: name: Etherpad Lite 1.6.4 - Admin Authentication Bypass author: philippedelteil severity: critical description: Etherpad Lite before 1.6.4 is exploitable for admin access. impact: | An attacker can bypass the admi...
Sidekiq < 7.0.8 - Cross-Site Scripting
An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system. id: CVE-2023-1892 info: name: Sidekiq 7.0.8 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: critical description: | An XSS vulnerability on a Sidekiq admin pan...
CVE-2026-61501
Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...
CVE-2026-61501 Rejetto HFS < 3.2.1 Stored XSS in Admin Log Viewer
Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...
CVE-2026-61501 Rejetto HFS < 3.2.1 Stored XSS in Admin Log Viewer
Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...
Linux Distros Unpatched Vulnerability : CVE-2026-53448
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQ...
Triofox - Improper Access Control
The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database management functionality to anyone with network access. An unauthenticated attacker can remotely...
CVE-2026-53448
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...
EUVD-2026-42969
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...
CVE-2026-53448
Coturn’s CVE-2026-53448 concerns the HTTPS admin panel, where prior to 4.12.0 HTTP query parameters were interpolated into SQL queries without sanitization. The is_secure_string filter guarding the STUN path is not applied to admin panel operations delete-user, delete-secret, and delete-IP, allow...
Improper Restriction of Rendered UI Layers or Frames
Overview ajenti is a Linux & BSD web admin panel. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames through the lack of anti-framing protections in the HTTP response process. An attacker can trick users into interacting with a maliciously...
CVE-2026-14713
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
EUVD-2026-41466
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...
CVE-2026-54477
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...
CVE-2026-54477
CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...
CVE-2026-54477 Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...
CVE-2026-54477
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks...
strapi CMS <3.0.0-beta.17.5 - Admin Password Reset
strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. id: CVE-2019-18818 info: name: strapi CMS 3.0.0-beta.17.5 - Admin Password Reset...