338 matches found
EUVD-2018-4383
Malware in sbrugna...
EUVD-2020-3025
Malware in sbrugna...
EUVD-2025-32450
A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing manipulation of the argument cateid results in sql injection. Remote exploitation of the attack is possible...
CVE-2025-11288 CRMEB GET Parameter product sql injection
A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing a manipulation of the argument cateid results in sql injection. Remote exploitation of the attack is possible...
EUVD-2022-34216
Malicious code in bioql PyPI...
EUVD-2022-6691
Malicious code in bioql PyPI...
EUVD-2025-11882
Malicious code in bioql PyPI...
EUVD-2024-29115
Malicious code in bioql PyPI...
EUVD-2023-0135
Malicious code in bioql PyPI...
CVE-2025-9591 ZrLog Theme Configuration Form config cross site scripting
A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotel...
CVE-2025-50904
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...
📄 Caddy 2.10.0 Server-Side Request Forgery
Caddy version 2.10.0 suffers from a server-side request forgery vulnerability via a JSON configuration injection. Exploit Title: Caddy 2.10.0 - Admin API SSRF via JSON Config Injection Date: 2025-07-10 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://caddyserver.com/ Software Link:...
CVE-2024-39021
idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/vpsApiDatadeal.php?mudi=del...
CVE-2022-29906
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66 omits a check for the quizadmin user...
CVE-2021-32716
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the...
CVE-2021-35941
Western Digital WD My Book Live 2.x and later and WD My Book Live Duo all versions have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472...
CVE-2021-21297
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default...
CVE-2020-11710
An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1 Inaccurate Bug Scope - The issue scope was...
CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...
CVE-2025-4646 A high privilege user is able to create and use a valid admin API token in centreon-web
Incorrect Authorization vulnerability in Centreon web API Token creation form modules allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4...