EUVD-2022-49150
Malicious code in bioql PyPI...
EUVD-2023-3108
Malicious code in bioql PyPI...
CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
PT-2025-33823 · Hcl · Hcl Digital Experience
Name of the Vulnerable Software and Affected Versions: HCL Digital Experience (affected versions not specified). Description: HCL Digital Experience is susceptible to cross-site scripting (XSS) within an administrative user interface that has restricted access. Recommendations: At the moment, there is...
CVE-2017-7591
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the sortKeys parameter to the authzRoles script under managed/user/...
CVE-2024-28969
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...
PT-2024-40496 · Ez Systems +1 · Ez Platform +4
Name of the Vulnerable Software and Affected Versions: eZ Platform versions prior to 1.13.x with ezsystems/PlatformUIAssetsBundle version 4.2.3; eZ Platform version 2.5.13 with ezsystems/ezplatform-admin-ui-assets version 4.2.1; eZ Platform version 3.0. with ezsystems/ezplatform-admin-ui-assets...
PT-2024-20763 · Unknown · Sidekiq-Unique-Jobs
Name of the Vulnerable Software and Affected Versions: sidekiq-unique-jobs versions prior to 7.1.33 and 8.0.7. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability in the sidekiq-unique-jobs "admin" web UI. Specially crafted GET request parameters handled by the following...
Pimcore Security Vulnerability
Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in pimcore...
Proofpoint Enterprise Protection Cross-Site Scripting Vulnerability
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect email. A security vulnerability exists in Proofpoint Enterprise Protection that stems from a stored cross-site scripting (XSS) vulnerability in AdminUI...
Fides Resource Management Error Vulnerability
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A resource management error vulnerability exists in Fides versions 2.11.0 through 2.15.1, which stems from...
SA40210 - [Pulse Secure] Information disclosure possible on admin UI (CVE-2016-4791)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An information disclosure issue was discovered on the Pulse Connect Secure device. This issue exists on the administrative user interface and requires admin level access. Because of th...
CVE-2022-46333 Proofpoint Enterprise Protection perl eval() arbitrary command execution
The admin user interface in Proofpoint Enterprise Protection PPS/PoD contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below...
CVE-2021-35570
Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite component: Admin UI. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface...
CVE-2015-0510
Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface...
CVE-2015-0510
Oracle Commerce Platform (9.4, 10.0, 10.2) is affected by a vulnerability in the Dynamo Application Framework – HTML Admin User Interface. The issue, described in connected CNVD data, allows a remote attacker to update, insert, or delete data, compromising data integrity. The root cause details a...