1114 matches found

NVD
added 2025/01/23 11:15 p.m. · 11 views

CVE-2021-42718

Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin...

CVSS 4.9 · EPSS 0.00189
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/23 12:00 a.m. · 2 views

PT-2025-1359 · Unknown · Replicated Classic

Name of the Vulnerable Software and Affected Versions: Replicated Classic versions prior to 2.53.1 Description: The issue allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables...

CVSS 4.9 · AI score 6.7 · EPSS 0.00189
Exploits: 0 · References: 5
CVE
added 2025/01/09 6:55 a.m. · 271 views

CVE-2025-22445

CVE-2025-22445 affects Mattermost Server in the 10.x line up to 10.2 where the UI incorrectly reflects missing admin settings for the Calls feature, causing admin confusion. SUSE advisory SUSE-SU-2025:0297-1 documents the issue and recommends updating to OpenSUSE/Mattermost patch level 10.3 or la...

CVSS 5.3 · AI score 4.1 · EPSS 0.00267
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/12/16 12:00 a.m. · 3 views

PT-2024-26395 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.26.0 Description: GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions, the welcome and about page includes version and revision...

CVSS 5.3 · AI score 9.3 · EPSS 0.00232
Exploits: 1 · References: 13
OSV
added 2024/12/10 7:15 p.m. · 0 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 7.2 · AI score 5.9 · EPSS 0.09775
Exploits: 0 · References: 1
NVD
added 2024/12/10 7:15 p.m. · 10 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 9.1 · EPSS 0.0259
Exploits: 0 · References: 1
OSV
added 2024/12/10 7:15 p.m. · 0 views

CVE-2024-11772

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 7.2 · AI score 7.6 · EPSS 0.09775
Exploits: 0 · References: 1
Cvelist
added 2024/12/10 6:56 p.m. · 9 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 9.1 · EPSS 0.09775
Exploits: 0 · References: 1
Cvelist
added 2024/12/10 6:55 p.m. · 18 views

CVE-2024-11772

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 9.1 · EPSS 0.09775
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/10 12:00 a.m. · 2 views

PT-2024-9375 · Ivanti · Ivanti Cloud Services Appliance

Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.3 Description: The issue is related to a lack of protection against SQL query structure exploitation in the admin web console of Ivanti Cloud Services Appliance. This allows a remote...

CVSS 10 · AI score 9.5 · EPSS 0.09775
Exploits: 0 · References: 14
IBM Security Bulletins
added 2024/10/23 7:14 p.m. · 25 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45071 DESCRIPTION: IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user t...

CVSS 5.5 · AI score 5.8 · EPSS 0.00302
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2024/10/21 7:54 a.m. · 10 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-45071)

Summary IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and is vulnerable to cross-site scripting in the Admin Console. Required fixes for affected WebSphere Application Server has been published in the security bulletin links below. Vulnerability...

CVSS 5.5 · AI score 6.1 · EPSS 0.00302
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2024/10/16 12:00 a.m. · 5 views

Qnap QTS Cross-site Scripting (CVE-2019-7197)

A stored cross-site scripting XSS vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. Th...

CVSS 4.8 · AI score 4.9 · EPSS 0.00305
Exploits: 0 · References: 2
OSV
added 2024/10/08 5:15 p.m. · 0 views

CVE-2024-9380

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution...

CVSS 7.2 · AI score 7.6 · EPSS 0.86907
Exploits: 0 · References: 2
OSV
added 2024/10/08 5:15 p.m. · 0 views

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 7.2 · AI score 7.7 · EPSS 0.86907
Exploits: 0 · References: 2
OSV
added 2024/10/08 4:15 p.m. · 1 views

CVE-2024-8215

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...

CVSS 8.4 · AI score 5.8 · EPSS 0.00297
Exploits: 0 · References: 3
Cvelist
added 2024/10/08 3:17 p.m. · 16 views

CVE-2024-8215 Payload Injection Attack via Management REST interface

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...

CVSS 8.7 · EPSS 0.00297
Exploits: 0 · References: 3
VulnCheck KEV
added 2024/10/08 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2024-9379

Ivanti Cloud Services Appliance CSA contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements...

CVSS 7.2 · AI score 6 · EPSS 0.7926
Exploits: 0 · References: 1
VulnCheck KEV
added 2024/10/08 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2024-9380

Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...

CVSS 7.2 · AI score 5.8 · EPSS 0.86907
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/08 12:00 a.m. · 1 views

PT-2024-7355 · Ivanti · Ivanti Csa

Name of the Vulnerable Software and Affected Versions: Ivanti CSA versions prior to 5.0.2 Description: The issue allows a remote authenticated attacker with admin privileges to bypass restrictions via path traversal. This can potentially lead to further exploitation. There is no information...

CVSS 9 · AI score 9 · EPSS 0.86907
Exploits: 0 · References: 34