11 matches found
PT-2026-28417
The getinfobytoken API interface of blog.admin v.8.0 and earlier contains an improper access control flaw that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security...
CVE-2026-22524
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Legacy Admin legacy-admin allows Reflected XSS. This issue affects Legacy Admin: from n/a through = 9.5...
EUVD-2026-15538
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Legacy Admin legacy-admin allows Reflected XSS. This issue affects Legacy Admin: from n/a through = 9.5...
PT-2026-22007
Name of the Vulnerable Software and Affected Versions: z-9527 admin versions 1.0 through 2.0. Description: A SQL injection issue exists in z-9527 admin. The issue is located in the checkName, register, login, getUser, and getUsers functions within the /server/controller/user.js file. This allows for...
CVE-2024-32090
Cross-Site Request Forgery (CSRF) vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through = 4.0.27...
CVE-2024-54775
Dcat-Admin v2.2.0-beta and v2.2.2-beta contain a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions...
Enel X Waybox Security Vulnerability
The Enel X Waybox is a home charging station from Enel X, Inc. A security vulnerability exists in version 3.0 of the Enel X Waybox that stems from a web management application that can execute arbitrary requests on an internal database via /admin/versions.php...
cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.com.365trade.oss:xxl-job-admin (>=2.2.1.1_zzlh <=2.2.1_zzlh) +31 more potentially affected by CVE-2023-45146 via com.xuxueli:xxl-rpc-core (>=1.2.0 <=1.6.0)
com.xuxueli:xxl-rpc-core MAVEN version =1.2.0, =1.0.0-RELEASE, =2.2.1.1zzlh, =2.2.1.1zzlh, =1.1.1, =2.1.1-RELEASE, =0.0.1, =0.0.1, =2.0.4, =2.0.4, =0.0.1, =2.0.5 and more Source cves: CVE-2023-45146 Source advisory: OSV:GHSA-F984-3WX8-GRP9...
Ruckus Wireless SmartZone Code Injection Vulnerability
The Ruckus Wireless SmartZone is a high performance WLAN controller from Ruckus. A security vulnerability exists in Ruckus Wireless Admin 10.4 and prior versions that originates from allowing remote code execution via an unauthenticated HTTP GET request...
CVE-2022-37333
SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...
IBM Spectrum Copy Data Management Authorization Issue Vulnerability
IBM Spectrum Copy Data Management is an IBM product that modernizes, simplifies, and automates data center copy management processes. An access control error vulnerability exists in IBM Spectrum Copy Data Management Admin versions 2.2.0.0 through 2.2.15.0, which stems from a lack of proper session...