
87233 matches found

CVE
added 1 hour ago, 5 views

CVE-2026-14634

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MYController.php of the component Subscribed Emails Admin Page. Such manipulation...

CVSS 5.3, AI score 4.1
Exploits: 0, References: 7
CVE
added 5 hours ago, 7 views

CVE-2026-12196

The CVE-2026-12196 entry describes a broken access control vulnerability in the HestiaCP panel cronjob feature. Low-privilege users can modify the panel cronjob to execute management scripts with passwordless sudo, enabling takeover of administrator users in the application and the underlying web...

CVSS 8.3, AI score 6
Exploits: 0, References: 2
CVE
added 5 hours ago, 6 views

CVE-2026-12195

The CVE-2026-12195 entry concerns myVesta with an authenticated remote code execution vulnerability. The issue arises when low-privilege users delete FTP usernames and can inject arbitrary commands via the v_ftp_user parameter, allowing command execution as the admin user or takeover of the admin...

CVSS 8.5, AI score 6.7
Exploits: 0, References: 2
EUVD
added 5 hours ago, 4 views

EUVD-2026-41665

myVesta is affected by an authenticated remote code execution vulnerability. Low-privileged users can insert arbitrary commands as a part of the vftpuser parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takeover of the admin user in myVest...

CVSS 8.5, AI score 6.7
Exploits: 0, References: 2
ATTACKERKB
added 8 hours ago, 5 views

CVE-2026-14622

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

CVSS 7.5, AI score 6.6
Exploits: 0, References: 6
EUVD
added 8 hours ago, 6 views

EUVD-2026-41661

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajaxfiles of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is...

CVSS 7.5, AI score 6.6
Exploits: 0, References: 6
Nuclei
added 14 hours ago, 4 views

Gorse < 0.5.10 - Unauthenticated Database Dump

Gorse 0.5.10 contains an authentication bypass caused by an empty adminapikey in the /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data. Exploitation requires the default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...

CVSS 9.8, AI score 6, EPSS 0.03016
Exploits: 2, References: 2
Nuclei
added 14 hours ago, 37 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

CVSS 8.8, AI score 7.5, EPSS 0.04974
Exploits: 0, References: 3
Nuclei
added 14 hours ago, 43 views

KubePi JwtSigKey - Admin Authentication Bypass

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

CVSS 9.8, AI score 7.2, EPSS 0.69667
Exploits: 1, References: 5
Nuclei
added 14 hours ago, 29 views

Sidekiq < 7.0.8 - Cross-Site Scripting

An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system. id: CVE-2023-1892 info: name: Sidekiq 7.0.8 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: critical description: | An XSS vulnerability on a Sidekiq admin pan...

CVSS 9.6, AI score 7.2, EPSS 0.02742
Exploits: 1, References: 3
Nuclei
added 14 hours ago, 73 views

ReCrystallize Server - Authentication Bypass

This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed. id: CVE-2024-26331...

CVSS 7.5, AI score 5.9, EPSS 0.49322
Exploits: 0, References: 4
Nuclei
added 14 hours ago, 33 views

Helmet Store Showroom v1.0 - SQL Injection

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. id: CVE-2022-46071 info: name: Helmet Store Showroom v1.0 - SQL Injection author: Harsh severity: critical description: | There is SQL Injection vulnerability...

CVSS 9.8, AI score 7.2, EPSS 0.0431
Exploits: 1, References: 2
Nuclei
added 14 hours ago, 58 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

CVSS 9.8, AI score 7.2, EPSS 0.15088
Exploits: 4, References: 4
Nuclei
added 14 hours ago, 35 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

CVSS 8.1, AI score 7.1, EPSS 0.02837
Exploits: 0, References: 5
Nuclei
added 14 hours ago, 35 views

WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request id: CVE-2022-1595 info: name: WordPress HC Custom WP-Admin URL =1.5 to mitigate the vulnerability. reference: -...

CVSS 5.3, AI score 6.1, EPSS 0.02621
Exploits: 2, References: 3
Nuclei
added 14 hours ago, 50 views

Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. id: CVE-2021-24215...

CVSS 10, AI score 7.2, EPSS 0.09733
Exploits: 2, References: 5
Nuclei
added 14 hours ago, 69 views

Kong Admin <=2.03 - Admin API Access

Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1. id: CVE-2020-11710 info: name: Kong Admin =2.03 - Admin API Access author: pikpikcu severity: critical description: Kong Admin through 2.0.3 contains an issue v...

CVSS 9.8, AI score 7.2, EPSS 0.33825
Exploits: 0, References: 5
Nuclei
added 14 hours ago, 46 views

GetSimple CMS 3.3.13 - Open Redirect

GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-9915 info: name: GetSimple CMS...

CVSS 6.1, AI score 6.3, EPSS 0.03626
Exploits: 0, References: 5
Nuclei
added 14 hours ago, 25 views

rConfig 3.9 - Authentication Bypass(Admin Login)

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. id: CVE-2020-13638 info: name: rConfig 3.9 - Authentication BypassAdmin Login author: theamanrawat severity: critical description: |...

CVSS 9.8, AI score 7.1, EPSS 0.76758
Exploits: 1, References: 3
Nuclei
added 14 hours ago, 20 views

WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion

WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or...

CVSS 7.2, AI score 7.1, EPSS 0.05898
Exploits: 2, References: 4