Lucene search
K

39 matches found

Cvelist
Cvelist
added 2026/06/05 5:49 p.m.28 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS0.00533EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.11 views

PT-2026-47014

Name of the Vulnerable Software and Affected Versions NetMan 204 affected versions not specified Description Authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly request pages such as 'administration.html',...

9.8CVSS5.4AI score0.00533EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/31 6:39 p.m.23 views

CVE-2025-34467 ZwiiCMS < 13.7.00 Lock Persistence Authenticated DoS Against Administrative Pages

ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns...

5.3CVSS0.0019EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2001-1113

Malware in sbrugna...

7.5CVSS6.4AI score0.02522EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-2576

Malware in sbrugna...

6.5CVSS6.6AI score0.01036EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-5179

Malware in sbrugna...

8.8CVSS8.7AI score0.01567EPSS
Exploits5References4
NVD
NVD
added 2024/03/21 2:49 a.m.20 views

CVE-2023-49978

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...

8.8CVSS6.8AI score0.00835EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/06 12:0 a.m.18 views

CVE-2023-49978

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...

7AI score0.00835EPSS
Exploits1References2
Drupal
Drupal
added 2023/08/23 12:0 a.m.14 views

Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...

6.8AI score
Exploits0References6
Cvelist
Cvelist
added 2023/03/30 9:26 a.m.19 views

CVE-2023-1699 Rapid7 Nexpose Forced Browsing

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187...

4.3CVSS9.4AI score0.00446EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/30 9:26 a.m.10 views

CVE-2023-1699 Rapid7 Nexpose Forced Browsing

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187...

4.3CVSS9.2AI score0.00446EPSS
Exploits0References1
CVE
CVE
added 2023/03/30 9:26 a.m.60 views

CVE-2023-1699

Rapid7 Nexpose: Vulnerable in versions 6.6.186 and earlier to a forced browsing issue that allows an attacker to manipulate URLs to reach administrative pages. Root cause and affected components are described as a forced browsing vulnerability; impact is access to admin pages. The issue is fixed ...

9.8CVSS6.5AI score0.00446EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.24 views

Debian: Security Advisory (DLA-548-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.3AI score0.01774EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/25 12:0 a.m.49 views

JVN#53682526: Multiple cross-site scripting vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in User management CWE-79 - CVE-2022-39325 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base...

6.1CVSS5.5AI score0.00586EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 5:7 p.m.14 views

Dolibarr cross-site scripting (XSS) vulnerability

Multiple cross-site scripting XSS vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the 2 nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the 3...

6.1CVSS6.1AI score0.0147EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.9 views

IBM Robotic Process Automation 安全漏洞

IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation version 21.0.1 is vulnerable to an information disclosure...

6.5CVSS5.5AI score0.00711EPSS
Exploits0References3
Prion
Prion
added 2021/11/12 10:15 p.m.16 views

Improper access control

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified...

5CVSS5.2AI score0.00673EPSS
Exploits0References1Affected Software4
Drupal
Drupal
added 2020/04/08 12:0 a.m.22 views

Spamicide - Critical - Access bypass - SA-CONTRIB-2020-009

The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots. The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass...

6.6AI score
Exploits0References6
WPVulnDB
WPVulnDB
added 2020/03/23 12:0 a.m.24 views

Cookiebot < 3.6.1 - Authenticated Reflected Cross-Site Scripting (XSS)

Versions prior to 3.6.1 are susceptible to this attack, which allows hackers to exploit the vulnerability found on administrative pages...

4.1AI score
Exploits0References1Affected Software1
Prion
Prion
added 2020/02/07 5:15 p.m.17 views

Cross site request forgery (csrf)

A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages...

6.8CVSS7AI score0.01567EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder