21514 matches found
CVE-2026-45533
DataEase prior to 2.10.23 contains a path traversal vulnerability in the export-center bulk delete API. Maliciously crafted identifiers can be passed to ExportCenterManage.delete using sequences like ../, enabling recursive deletion of arbitrary server directories during export task cleanup. Impa...
Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure
Fides versions 2.19.0 to before 2.39.2rc0 contain an information disclosure caused by unauthenticated HTTP GET request to the Privacy Center, letting attackers access the SERVERSIDEFIDESAPIURL, which may reveal server configuration details, exploit requires no authentication. id: CVE-2024-31223...
Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution
Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...
Extreme Management Center 8.4.1.24 - Cross-Site Scripting
Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
Cisco Secure Firewall Management Center - Authentication Bypass
Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...
CVE-2026-56197
Improper neutralization of special elements used in a command 'command injection' in Windows Admin Center allows an authorized attacker to execute code over a network...
CVE-2026-56196
Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network...
CVE-2026-58631
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally...
CVE-2026-57107
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally...
CVE-2026-56169
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network...
CVE-2026-56185
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network...
CVE-2026-56197 Windows Admin Center (WAC) Remote Code Execution Vulnerability
...
CVE-2026-56197
The CVE-2026-56197 entry describes a remote code execution in Windows Admin Center caused by improper neutralization of special elements used in a command (command injection). The NVD entry states threat is network-based with an 8.8 CVSS v3.1 base score (High) and that an authenticated attacker w...
CVE-2026-56196 Windows Admin Center (WAC) Remote Code Execution Vulnerability
...
CVE-2026-56196
CVE-2026-56196 affects Windows Admin Center (WAC). It describes a relative path traversal vulnerability that allows an attacker with network access to execute code on the target system. The NVD entry lists CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with base score 8.8 (HIGH). Connected source...
CVE-2026-58631 Windows Admin Center (WAC) Remote Code Execution Vulnerability
...
CVE-2026-58631
CVE-2026-58631 involves Windows Admin Center where improper authorization allows an authorized attacker to execute code locally. The available sources describe a local attack vector with high impact (C:H/I:H/A:H) and a CVSS v3.1 base score of 7.8, indicating remote code execution risk within the ...
CVE-2026-57107 Windows Admin Center Elevation of Privilege Vulnerability
...
CVE-2026-57107
Summary: CVE-2026-57107 is an elevation-of-privilege flaw due to improper authentication in Windows Admin Center. An authorized local attacker can escalate privileges. The CVSS v3.1 base score is 7.8 (HIGH), with local attack vector, low complexity, and high impacts on confidentiality, integrity,...