1114 matches found
CVE-2026-27174
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-27174
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-27174 MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2026-21640
The CVE-2026-21640 entry describes an INI format-string injection in Revive Adserver settings that can crash the admin console with a fatal PHP error when certain character sequences are used. The issue is reported for Revive Adserver (with a referenced 6.0.4 context in the HackerOne report). Roo...
Revive Adserver security vulnerability
Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from...
PT-2026-3657
HackerOne community member Faraz Ahmed PakCyberbot has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
The Librarian does not secure its interface, allowing for access to internal system data
Overview Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google...
CVE-2021-31221
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed...
CVE-2020-10590
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port 8800 on the Replicated Classic server could retrieve the TLS Keypair Cert and Key used to configure...
CVE-2019-12427
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console...
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
Many critical industries banking, healthcare, and manufacturing...
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...
CVE-2025-14266
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console...