681 matches found
Free CRM 安全漏洞
Free CRM is a customer relationship management software developed by go2ismail’s individual developers. Free CRM has a security vulnerability; this vulnerability arises from operations on the Administrative Interface of components, which may lead to redirection and subsequent execution...
Warehouse Inventory Management System 安全漏洞
Warehouse Inventory Management System is a warehouse inventory management system developed by go2ismail’s individual developer. The Warehouse Inventory Management System versions 9.20250118 and earlier have security vulnerabilities. These vulnerabilities stem from incorrect operations with the...
CVE-2026-26351
GetSimpleCMS Community Edition CE versions prior to 3.3.22 3.3.16 tested contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encodin...
CVE-2026-27518
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...
CVE-2026-27518
CVE-2026-27518 affects Binardat 10G08-0800GSM Network Switch firmware up to version V300SP10260209, which allegedly lacks CSRF protections for state-changing actions in the administrative interface. An authenticated administrator can be tricked into performing unauthorized configuration changes. ...
PT-2026-21754
Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 Description The firmware exposes user passwords in plaintext within the administrative interface and HTTP responses, potentially allowing recovery of valid...
CVE-2026-22568 Unauthorized information retrieval in ZIA Admin UI
Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...
CVE-2025-62326
HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...
CVE-2025-57794
Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables...
CVE-2025-57794 Unrestricted File Upload Vulnerability in Explorance Blue
Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables...
PT-2026-3062
Name of the Vulnerable Software and Affected Versions DPanel versions prior to 1.9.2 Description DPanel has an arbitrary file deletion issue in the /api/common/attach/delete API endpoint. Authenticated users can delete arbitrary files on the server through path traversal. The issue resides in the...
CVE-2025-71165 Typesetter CMS Reflected XSS via Status.php
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2021-31925
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface...
CVE-2018-25156
CVE-2018-25156 affects Teradek Cube 7.3.6. The vulnerability is a cross-site request forgery that lets an attacker change the device administrator password by luring a user to submit a hidden CSRF-form crafted request to the device’s system configuration interface. Impact is change of admin passw...
EUVD-2025-204738
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...
CVE-2025-14777
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
CVE-2025-34330 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Prompt File Upload via ajaxPromptUploadFile.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated prompt upload endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxPromptUploadFile.php. The script accepts an uploaded file and...
CVE-2023-53690 Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...
EUVD-2006-0514
Malware in sbrugna...
EUVD-2020-30349
Malware in sbrugna...