15 matches found

Nuclei
added yesterday · 33 views

Keycloak < 24.0.5 - Broken Access Control

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...

CVSS 8.1 · AI score 7.2 · EPSS 0.02837
Exploits: 0 · References: 5
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-11761

Malware in sbrugna...

CVSS 9.8 · AI score 7.3 · EPSS 0.01424
Exploits: 0 · References: 4
Positive Technologies
added 2025/04/06 12:0 a.m. · 8 views

PT-2025-15107 · Code Projects · Codeprojects Online Restaurant Management System

Name of the Vulnerable Software and Affected Versions: codeprojects Online Restaurant Management System version 1.0 Description: A critical issue affects the processing of the file /admin/member update.php, where the manipulation of the ID argument leads to sql injection. This issue can be...

CVSS 7.5 · AI score 7.3 · EPSS 0.00376
Exploits: 1 · References: 11
Snyk
added 2025/03/03 6:31 p.m. · 3 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection in the ServiceDBStore when exporting a CSV. Remediation Upgrade org.apache.ranger:security-admin-web to version 2.6.0 or higher. References - Apache Jira Issues - GitHub Commit - GitHub Commit - OSS Security Advisory -...

CVSS 9.8 · AI score 7.2 · EPSS 0.00723
Exploits: 0 · References: 2
OSV
added 2025/01/27 11:15 p.m. · 2 views

CVE-2024-56178

An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the securityadminlocal role can create a new user in a group that has the admin role...

CVSS 6.5 · AI score 5.8 · EPSS 0.00326
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/28 12:0 a.m. · 4 views

PT-2025-3199 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 7.6.x through 7.6.3 Description: An issue was discovered that allows a user with the security admin local role to create a new user in a group that has the admin role. This is related to incorrect permission storage...

CVSS 8.5 · AI score 7 · EPSS 0.00326
Exploits: 0 · References: 7
OSSF Malicious Packages
added 2024/12/20 9:45 p.m. · 2 views

Malicious code in security-admin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e96f0bbf94f55e5b85d255cf6cba166c4cf317c53beefb5911d773566a81f8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 · References: 1
OSV
added 2024/12/20 9:45 p.m. · 3 views

MAL-2024-12080 Malicious code in security-admin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e96f0bbf94f55e5b85d255cf6cba166c4cf317c53beefb5911d773566a81f8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
Veracode
added 2021/12/29 4:53 p.m. · 8 views

Authentication Bypass

security-admin is vulnerable to authentication bypass. The vulnerability exists in PropertiesUtil.java due to improper handling of sensitive data which allows an attacker to login and gain access and perform unauthenticated actions...

AI score 4
Exploits: 0
wpexploit
added 2021/09/02 12:0 a.m. · 234 views

GeoDirectory < 2.1.1.3 - Authenticated (admin+) Stored Cross-Site Scripting (XSS)

The GeoDirectory plugin was vulnerable to Authenticated admin+ Stored Cross-Site Scripting XSS. POST /wp-admin/admin.php?page=gd-settings&tab=general&section=location HTTP/1.1 ..SNIP.. Content-Disposition: form-data; name="defaultlocationlatitude" prompt/XSS/ ..SNIP...

CVSS 5.4 · AI score 1.4 · EPSS 0.00854
Exploits: 2 · References: 2
Cvelist
added 2020/02/11 5:19 p.m. · 25 views

CVE-2012-4519

Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS...

AI score 6.3 · EPSS 0.00699
Exploits: 0 · References: 2
UbuntuCve
added 2019/12/02 2:0 p.m. · 45 views

CVE-2019-19118

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

CVSS 6.5 · AI score 6.8 · EPSS 0.01656
Exploits: 0 · References: 2
Imperva Blog
added 2018/02/23 4:45 p.m. · 88 views

NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases

Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...

AI score 6.3
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 17 views

Web3news <= 0.95 (PHPSECURITYADMIN_PATH) Remote Include Vuln

No description provided by source. Web3news = v0.95 PHPSECURITYADMINPATH Remote File Inclusion Exploit...

AI score 7.1
Exploits: 0
Prion
added 2012/08/26 6:55 p.m. · 10 views

Information disclosure

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database...

CVSS 1.9 · AI score 6.2 · EPSS 0.00351
Exploits: 0 · References: 6 · Affected Software: 1