CVE-2026-11986

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

EUVD-2026-36267

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

CVE-2026-11986

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

PT-2026-47542

Every /ui/ POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. SameSite=Lax on the session cookie prevents most cross-site form submits but does not protect: - top-level form-submit navigations from third-party pages some browsers still send Lax cookie...

CVE-2026-34164

CVE-2026-34164 concerns Valtimo, where the InboxHandlingService logged the full content of incoming inbox messages at INFO level across versions 13.0.0–13.21.0. This exposed sensitive data (PII, BSN, case details) to anyone with log access or admin UI users. The issue was fixed in 13.22.0: the lo...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the InboxHandlingService. An attacker can access sensitive information such as personal data, citizen identifiers, and case details by viewing application logs that contain full inbox...

PT-2026-33366

Name of the Vulnerable Software and Affected Versions Valtimo versions 13.0.0 through 13.21.0 Description The InboxHandlingService function handle in the inbox module logs the full content of every incoming inbox message at the INFO level. These messages may contain sensitive information, such as...

CVE-2026-24347

Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory...

CVE-2026-24344

Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution...

CVE-2026-24348

Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users...

CVE-2026-24347

CVE-2026-24347 : The Red Hat/NVD/NVD enrichment entries describe an improper input validation in the Admin UI of EZCast Pro II (version 1.17478.146) that allows an attacker to manipulate files in the /tmp directory. This is tied to the EZCast Pro II dongle/application and is actionable via the Ad...

CVE-2026-24346 Use of well-known default credentials in EZCast Pro II Dongle

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...

EUVD-2026-4823

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...

CVE-2025-13954

Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allows attackers to bypass authorization checks and gain full access to the admin UI...

CVE-2025-13954

Hard-coded cryptographic keys in Admin UI of EZCast Pro II before version 1.17478.177 allows attackers to bypass authorization checks and gain full access to the admin UI...

CVE-2023-53690

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

CVE-2023-53690 Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

EUVD-2025-36132

A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted ear...

OpenWGA 代码注入漏洞

OpenWGA is an OpenWGA open source content management system and web application development platform. A code injection vulnerability exists in OpenWGA version 7.11.12 Build 737, which stems from a cross-site scripting vulnerability in the Admin UI component...

EUVD-2015-0523

Malware in sbrugna...