15430 matches found
CData API Server < 23.4.8844 - Path Traversal
A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...
CData Connect < 23.4.8846 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Connect 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31849 info: name: CData Connect 23.4.8846...
Cacti 1.2.24 - SQL Injection
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...
TOTOLINK A3002RU 1.0.8 - Information Disclosure
TOTOLINK A3002RU firmware version 1.0.8 contains a vulnerability in which an unauthenticated attacker can obtain the plaintext admin password by making a GET request for password.htm. This allows remote attackers to gain administrative access without credentials. id: CVE-2018-13317 info: name:...
Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...
Tattile Camera < 1.181.5 - Default Login
Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...
WeGIA <= 3.6.4 - Remote Code Execution
WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...
Horde Groupware Unauthenticated Admin Access
Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...
ZTE Cable Modem Web Shell
ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to webshellcmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. id: CVE-2014-2321 info: name: ZTE Cable Modem Web Shell author:...
Zyxel - Authentication Bypass
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass
The SureTriggers- All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secretkey' value in the 'autheticateuser' function in all versions up to, and including, 1.0.78. Th...
foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...
CVE-2026-8480 Connection possible to the Administration portal with a revoked certificate
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...
CVE-2026-5136 Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...
EUVD-2026-40929
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...
CVE-2026-11594
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...
EUVD-2026-40411
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...
CVE-2026-11594
CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...
CVE-2026-11595 IBM WebSphere Application Server is affected by a Path Traversal vulnerability
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...
EUVD-2026-40397
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...