
40 matches found

NVD
added 2026/05/07 4:16 a.m., 16 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

CVSS 4.9, EPSS 0.00322
Exploits 0, References 2
ATTACKERKB
added 2026/04/20 1:32 p.m., 6 views

CVE-2026-3519

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...

CVSS 9.3, AI score 6.2, EPSS 0.18238
Exploits 4, References 2, Affected Software 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-1737

Malware in sbrugna...

CVSS 4.9, AI score 5.1, EPSS 0.01056
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-25932

Malware in sbrugna...

CVSS 8, AI score 7.3, EPSS 0.01428
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2018-17010

Malware in sbrugna...

CVSS 4.8, AI score 5.1, EPSS 0.00635
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-17731

Malware in sbrugna...

CVSS 9, AI score 8.6, EPSS 0.0204
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-3023

Malware in sbrugna...

CVSS 9, AI score 7, EPSS 0.03196
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-1449

Malware in sbrugna...

CVSS 9, AI score 7, EPSS 0.01399
Exploits 0, References 3
CVE
added 2025/03/19 5:40 p.m., 702 views

CVE-2025-29926

CVE-2025-29926 affects XWiki Platform via the WikiManager REST API. In affected releases before fixes, any user could create a new wiki, potentially granting the user administrator privileges and enabling further farm-wide attacks. The REST API is not included in XWiki Standard by default and mus...

CVSS 9.8, AI score 6.2, EPSS 0.00532
Exploits 1, References 3, Affected Software 1
NVD
added 2023/04/05 6:15 p.m., 20 views

CVE-2023-28852

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versio...

CVSS 4.8, AI score 5.1, EPSS 0.00538
Exploits 0, References 3
OSV
added 2022/02/09 11:25 p.m., 27 views

GHSA-GX6H-936C-VRRR Cross site scripting in registration template in xwiki-platform

Impact We found a possible XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions: - the wiki must be open to registration for anyone - the wiki must be closed to view for Guest users more specifically the...

CVSS 7.4, AI score 6.3, EPSS 0.01008
Exploits 0, References 5
Prion
added 2022/02/09 10:15 p.m., 22 views

Cross site scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...

CVSS 4.3, AI score 5.8, EPSS 0.01008
Exploits 0, References 3, Affected Software 1
Cvelist
added 2022/02/09 9:40 p.m., 47 views

CVE-2022-23622 Cross site scripting in registration template in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...

CVSS 7.4, AI score 7, EPSS 0.01008
Exploits 0, References 3
CVE
added 2022/02/09 9:40 p.m., 135 views

CVE-2022-23622

XWiki Platform contains an XSS vulnerability (CVE-2022-23622) in the registerinline.vm template associated with the xredirect hidden field. Exploitation requires the wiki to be open to registration and the XWiki.Registration page to be forbidden for guests (or equivalent rights); administrators e...

CVSS 7.4, AI score 6, EPSS 0.01008
Exploits 0, References 3, Affected Software 1
OSV
added 2022/02/09 9:40 p.m., 36 views

CVE-2022-23622 Cross site scripting in registration template in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...

CVSS 7.4, AI score 5.9, EPSS 0.01008
Exploits 0, References 5
ThreatPost
added 2021/06/10 3:51 p.m., 52 views

Steam Gaming Platform Hosting Malware

UPDATE Look out for SteamHide, an emerging malware that disguises itself inside profile images on the gaming platform Steam, which researchers think is being developed for a wide-scale campaign. The Steam platform merely serves as a vehicle which hosts the malicious file, according to research fr...

AI score 7.3
Exploits 0, References 8
NVD
added 2020/11/11 1:15 p.m., 17 views

CVE-2020-4685

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos...

CVSS 8, AI score 7.4, EPSS 0.01428
Exploits 0, References 2
Hacker One
added 2019/09/20 2:53 a.m., 26 views

LY Corporation: Able to Become Admin for Any LINE Official Account

The reporter found an issue where abusing an IDOR would allow for an attacker to become an administrator of any LINE Official Account. This was due to an issue where the group ID could be extracted and/or easily guessed, combined with lack of authentication, leading to being able to craft a reque...

AI score 6.7
Exploits 0
Prion
added 2019/03/29 2:29 p.m., 19 views

Design/Logic Flaw

The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection...

CVSS 6.5, AI score 7.5, EPSS 0.0233
Exploits 0, References 1, Affected Software 1
NVD
added 2019/03/29 2:29 p.m., 20 views

CVE-2017-18108

The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection...

CVSS 7.2, AI score 7.5, EPSS 0.0233
Exploits 0, References 1