11 matches found
EUVD-2025-36426
Keycloak unable to restrict access to the admin console...
CVE-2025-10939
A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside when the installation is using a proxy. The issue occurs at least via HAProxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to...
PT-2025-44084
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak where the /admin path can be accessed via a proxy, such as HAProxy, by using relative or non-normalized paths. Keycloak documentation advises against exposing the...
EUVD-2008-0207
Malware in sbrugna...
CVE-2025-50904
CVE-2025-50904 describes an authentication bypass in WinterChenS my-site via commit 6c79286 (2025-06-11). An attacker can access the /admin/ API without a token, with CVSS v3.1 score 9.8 (CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected software is WinterChenS my-site, through the specifi...
CVE-2025-7560
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. This vulnerability affects unknown code of the file /admin/workin-progress-requests.php. The manipulation of the argument teamid leads to SQL injection. The attack can be initiated remotely...
CVE-2025-5556
A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to SQL injection. It is possible to initiate the attack...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass through the use of request.getRequestURI validation in com.baidu.brcc.config.UserAuthFilter.doFilter. An attacker can gain unauthorized admin rights by sending requests to /admin/ URIs on misconfigured servers. Not...
Hospital Management System doctor-specilization.php File SQL Injection Vulnerability
Hospital Management System is a hospital management system. It suffers from a SQL injection vulnerability that originates from missing validation of externally supplied SQL statements in the parameter doctorspecilization of the file /admin/doctor-specilization.php. An...
CVE-2022-29666
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...
CVE-2022-1288
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert1%3E leads to reflected cross-site scripting. The atta...