25 matches found
CVE-2025-9955 Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
EUVD-2022-37357
Malicious code in bioql PyPI...
CVE-2025-6250 Privilege Management for Windows - Elevation of Privilege
Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token, the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to the Administrators group and run any process with elevated permissions...
CVE-2024-57439
An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account...
CVE-2020-29194
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel which will require a physical reset to restore administrative control via Randomnum=99AC8CEC6E845B28=1 in a POST request to the cgi-bin/setfactory URI...
CVE-2024-7036 Denial of Service in open-webui/open-webui
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, ...
PT-2025-12176 · Unknown · Open-Webui/Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.8. Description: A vulnerability allows an unauthenticated attacker to sign up with excessively large text in the name field, causing the Admin panel to become unresponsive. This prevents administrators from...
SUSE-SU-2024:0851-1 Security update for axis
This update for axis fixes the following issues: CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service admin HTTP API (bsc#1218605)...
HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass Exploit
This utility generates the TOTP passcode used to sign in as the support service account user for HammerSpace GFS default installations. Both the OVA and ISO are affected. Versions 4.6.6-324 and below with a default installation are affected. Affected Product: HammerSpace Global Data Environment /...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +7669 more potentially affected by CVE-2022-41966 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.2)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =1.1.0 - be.ordina:microservices-dashboard-server =1.0.1 and more Source cves: CVE-2022-41966 Source...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.21), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.21) +896 more potentially affected by CVE-2022-22965 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.2.1.RELEASE)
org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =j8.2.3.0, =0.0.1, =2.1.2.RELEASE, =2.0.2, =0.5.0, =3.1.64, =3.1.37, =3.1.13, =3.1.64, =3.1.64, =3.1.64, =3.1.64, =3.1.165 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.24) +1082 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.0.0.RELEASE <=2.5.11)
org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =2.1.2.RELEASE, =1.3, =0.5.0, =3.1.37, =3.1.13, =3.1.85, =3.1.13, =3.1.13, =3.1.295 - ch.mobi.mobitor:mobitor-doc =3.1.13 - city.smartb.f2:f2-spring-boot-starter-function-http...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +6127 more potentially affected by CVE-2021-39139 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.17)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-39139 Source advisory: OSV:GHSA-64XX-CQ4Q-MF44...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +6127 more potentially affected by CVE-2021-39140 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.17)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-39140 Source advisory: OSV:GHSA-6WF9-JMG9-VXCC...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +6127 more potentially affected by CVE-2021-39141 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.17)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-39141 Source advisory: OSV:GHSA-G5W6-MRJ7-75H2...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +5661 more potentially affected by CVE-2021-21350 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.15)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-21350 Source advisory: OSV:GHSA-43GC-MJXG-GVRQ...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +5661 more potentially affected by CVE-2021-21343 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.15)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-21343 Source advisory: OSV:GHSA-74CV-F58X-F9WF...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +5475 more potentially affected by CVE-2020-26259 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.14)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2020-26259 Source advisory: OSV:GHSA-JFVX-7WRX-43FH...