CVE-2025-14756

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVE-2025-14756

CVE-2025-14756 affects TP-Link Archer MR600 v5. The vulnerability is an authenticated OS command injection in the admin interface, allowing an attacker to execute system commands with a limited character length input via the browser developer console. Published sources indicate this can lead to s...

EUVD-2025-206350

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVE-2026-24431

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

CVE-2026-24431

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

CVE-2026-24431

The CVE-2026-24431 entry concerns Shenzhen Tenda W30E V2 devices. Concrete details from connected sources show that firmware versions up to and including V16.01.0.19(5037) store user account passwords in plaintext in the administrative web interface, allowing any user with access to affected mana...

CVE-2026-24431

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

EUVD-2026-4663

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

CVE-2026-24431 Tenda W30E V2 Web UI Reveals Passwords in Cleartext

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

PT-2026-4796

Name of the Vulnerable Software and Affected Versions TP-Link Archer MR600 version v5 Description A command injection issue exists in the admin interface component. Authenticated attackers can execute system commands with a limited character length through crafted input in the browser developer...

WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Custom Admin Interface versions = 7.41...

CVE-2021-47905

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...

CVE-2021-47905

CVE-2021-47905 concerns the MyBB Delete Account Plugin (v1.4) with a stored/reflected-like cross-site scripting flaw in the account deletion reason input field. The vulnerability allows an attacker to inject malicious scripts that can execute in the admin interface when viewing delete account rea...

CVE-2021-47905 MyBB Delete Account Plugin 1.4 - Cross-Site Scripting

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...

CVE-2021-47905 MyBB Delete Account Plugin 1.4 - Cross-Site Scripting

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...

PT-2026-4518

Name of the Vulnerable Software and Affected Versions MyBB Delete Account Plugin version 1.4 Description The MyBB Delete Account Plugin contains a cross-site scripting issue in the account deletion reason input field. An attacker can inject malicious scripts that will execute in the admin interfa...

GHSA-594W-2FWP-JWRC Keycloak Admin REST API exposes backend schema and rules

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVE-2025-14083 Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVE-2026-23492

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

GHSA-QVR7-7G55-69XJ Pimcore Has an Incomplete Patch for CVE-2023-30848

Summary An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments -- and catching syntax errors, the fix is insufficient. Attackers can still...