8 matches found

OSV
added 2026/04/10 7:49 p.m. | 8 views

GHSA-FWG7-53P4-G33C Ech0 Comment Panel Endpoints Missing RequireScopes Middleware — Scoped Access Token Bypass

Summary: All 9 comment panel admin endpoints /api/panel/comments/ are missing RequireScopes middleware, while every other admin endpoint in the application enforces scope-based authorization on access tokens. An admin-issued access token scoped to minimal permissions (e.g., echo:read only) can perfo...

5.5 CVSS | 5.8 AI score
Exploits: 0 | References: 3

RedhatCVE
added 2026/04/04 5:0 p.m. | 5 views

CVE-2026-5472

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /adminpanel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestrict...

6.5 CVSS | 6.2 AI score | 0.00201 EPSS
Exploits: 0 | References: 1

NVD
added 2026/04/03 4:16 p.m. | 5 views

CVE-2026-5472

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /adminpanel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestrict...

6.5 CVSS | 0.00201 EPSS
Exploits: 0 | References: 4

NVD
added 2025/12/10 4:16 p.m. | 3 views

CVE-2025-34410

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

7.1 CVSS | 0.00128 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/08/10 2:2 p.m. | 4 views

CVE-2025-8812 atjiu pybbs Admin Panel settings cross site scripting

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

4.8 CVSS | 6.4 AI score | 0.00299 EPSS
Exploits: 1 | References: 6

ATTACKERKB
added 2022/01/06 4:15 p.m. | 6 views

CVE-2021-46074

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel...

4.8 CVSS | 5.6 AI score | 0.01142 EPSS
Exploits: 1 | References: 3

CNVD
added 2020/05/18 12:0 a.m. | 3 views

Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2020-32356)

Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into a website and supports a variety of extensions, plugins and more. A cross-site scripting vulnerability exists in the /panel/configuration/general settings page in Subrion CMS version...

6.1 CVSS | 6.4 AI score | 0.00949 EPSS
Exploits: 2 | References: 1

OSV
added 2017/10/23 5:29 p.m. | 2 views

CVE-2017-15812

The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel...

6.1 CVSS | 5.8 AI score | 0.00728 EPSS
Exploits: 0 | References: 2