Lucene search
K

682 matches found

Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-57164

Name of the Vulnerable Software and Affected Versions Lucee CFML Server versions 5.3.x Lucee CFML Server versions 6.1.x Lucee CFML Server versions 6.2.x Lucee CFML Server versions 7.0.x Description Reflected cross-site scripting occurs during URL path parsing, allowing unauthenticated remote...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References4
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-59148 Mockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret theft

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: with write methods...

8.8CVSS0.00173EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42496

In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's...

8.1CVSS6AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56023

Name of the Vulnerable Software and Affected Versions ajenti versions prior to 2.2.14 Description The browser-facing login and administrative UI contains a clickjacking weakness. This occurs because the core HTTP response path in ajenti-core/aj/http.py initializes an empty header list and finaliz...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48820

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

7.2CVSS7.1AI score0.00299EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 4:47 p.m.10 views

CVE-2026-11986 Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS5.4AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47622

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description The web UI lacks Cross-Site Request Forgery CSRF protection on all /ui/ routes using POST, PUT, PATCH, or DELETE methods. The application processes requests immediately upon session cookie...

7CVSS5.3AI score0.00013EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.10 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS5.6AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 5:26 p.m.42 views

CVE-2026-5509

The CVE-2026-5509 entry describes an authenticated command-injection flaw in TP-Link Archer BE450 v1 and BE7200 v1 routers. After logging into the admin web interface, an attacker can inject crafted input via the browser’s developer console that is passed to backend system commands without suffic...

8.5CVSS6.2AI score0.02458EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2026/05/23 5:24 a.m.41 views

Authorization Bypass

9router is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization handling in the Administrative API endpoint /api, which allows an attacker to bypass access controls and perform unauthorized actions remotely...

7.5CVSS7.1AI score0.00313EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 8:20 a.m.11 views

CVE-2026-8185

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

6.3CVSS6.3AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/05/09 11:16 a.m.14 views

CVE-2026-8185

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

6.3CVSS0.0032EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/09 10:15 a.m.12 views

EUVD-2026-28909

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

6.3CVSS5.5AI score0.0032EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/09 10:15 a.m.11 views

CVE-2026-8185 UGREEN CM933 Administrative missing authentication

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

6.3CVSS6.3AI score0.0032EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/23 6:30 a.m.4 views

EUVD-2026-25184

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS5.8AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 5:16 a.m.9 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 6:30 a.m.3 views

EUVD-2026-20853

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.5AI score0.00313EPSS
Exploits0References9
NVD
NVD
added 2026/04/09 5:16 a.m.3 views

CVE-2026-5842

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00313EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/09 4:30 a.m.26 views

CVE-2026-5842 decolua 9router Administrative API Endpoint api authorization

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00313EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

9Router 安全漏洞

9Router is an intelligent routing and downgrade AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.3.47 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass issues in the Administrative API Endpoint component’s/a...

7.5CVSS7.1AI score0.00313EPSS
Exploits0References8
Rows per page
Query Builder