Lucene search
K

681 matches found

CNNVD
CNNVD
added 2026/02/26 12:0 a.m.15 views

Free CRM 安全漏洞

Free CRM is a customer relationship management software developed by go2ismail’s individual developers. Free CRM has a security vulnerability; this vulnerability arises from operations on the Administrative Interface of components, which may lead to redirection and subsequent execution...

8.8CVSS6.6AI score0.00415EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.6 views

Warehouse Inventory Management System 安全漏洞

Warehouse Inventory Management System is a warehouse inventory management system developed by go2ismail’s individual developer. The Warehouse Inventory Management System versions 9.20250118 and earlier have security vulnerabilities. These vulnerabilities stem from incorrect operations with the...

8.8CVSS6.7AI score0.00415EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/25 10:18 p.m.6 views

CVE-2026-26351

GetSimpleCMS Community Edition CE versions prior to 3.3.22 3.3.16 tested contains a stored cross-site scripting XSS vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encodin...

4.8CVSS5.9AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 4:24 p.m.10 views

CVE-2026-27518

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

5.1CVSS0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/02/24 3:6 p.m.21 views

CVE-2026-27518

CVE-2026-27518 affects Binardat 10G08-0800GSM Network Switch firmware up to version V300SP10260209, which allegedly lacks CSRF protections for state-changing actions in the administrative interface. An authenticated administrator can be tricked into performing unauthorized configuration changes. ...

5.1CVSS5.4AI score0.00102EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.5 views

PT-2026-21754

Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 Description The firmware exposes user passwords in plaintext within the administrative interface and HTTP responses, potentially allowing recovery of valid...

8.6CVSS5.2AI score0.00179EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/02/23 4:12 p.m.23 views

CVE-2026-22568 Unauthorized information retrieval in ZIA Admin UI

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...

5.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 8:25 p.m.5 views

CVE-2025-62326

HCL Digital Experience is susceptible to stored cross-site scripting XSS in the administrative user interface which would require elevated privileges to exploit...

6.1CVSS0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 6:16 p.m.5 views

CVE-2025-57794

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables...

9.1CVSS6.4AI score0.00549EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/28 5:33 p.m.31 views

CVE-2025-57794 Unrestricted File Upload Vulnerability in Explorance Blue

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables...

0.00549EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.6 views

PT-2026-3062

Name of the Vulnerable Software and Affected Versions DPanel versions prior to 1.9.2 Description DPanel has an arbitrary file deletion issue in the /api/common/attach/delete API endpoint. Authenticated users can delete arbitrary files on the server through path traversal. The issue resides in the...

8.1CVSS5.6AI score0.00598EPSS
Exploits1References11
OSV
OSV
added 2026/01/14 6:28 p.m.5 views

CVE-2025-71165 Typesetter CMS Reflected XSS via Status.php

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...

4.8CVSS6AI score0.00194EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.5 views

CVE-2021-31925

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface...

7.5CVSS7AI score0.01328EPSS
Exploits0References1
CVE
CVE
added 2025/12/24 7:27 p.m.18 views

CVE-2018-25156

CVE-2018-25156 affects Teradek Cube 7.3.6. The vulnerability is a cross-site request forgery that lets an attacker change the device administrator password by luring a user to submit a hidden CSRF-form crafted request to the device’s system configuration interface. Impact is change of admin passw...

5.1CVSS6.6AI score0.00176EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2025/12/22 9:30 p.m.4 views

EUVD-2025-204738

An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...

4.7CVSS6.3AI score0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/12/16 5:2 a.m.8 views

CVE-2025-14777

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS5.8AI score0.00315EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/19 4:22 p.m.11 views

CVE-2025-34330 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Prompt File Upload via ajaxPromptUploadFile.php

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated prompt upload endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxPromptUploadFile.php. The script accepts an uploaded file and...

6.9CVSS0.0043EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/10/30 9:20 p.m.6 views

CVE-2023-53690 Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

6.2CVSS0.00781EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-0514

Malware in sbrugna...

4.3CVSS6.4AI score0.01342EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2020-30349

Malware in sbrugna...

7.5CVSS7.5AI score0.01356EPSS
Exploits1References3
Rows per page
Query Builder