Lucene search

8 matches found

NVD · added 2026/05/07 4:16 a.m.

CVE-2026-41662

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

CVSS 5.2 · EPSS 0.00285 · Exploits 0 · References 2
EUVD · added 2026/05/07 3:01 a.m.

EUVD-2026-28296

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curl_init, leaving a DNS rebinding TOCTOU window (the hostname is resolved a second time by curl) that allows redirecting requests to...
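The rebinding window described above, shown as an added PHP example that is not Admidio's fetchmetadata.php: the first function validates the resolved address and then hands the hostname URL to curl, which resolves the name again; the second resolves once, rejects any non-public answer, pins curl to the validated address with CURLOPT_RESOLVE, and refuses redirects. The names `isPublicIp`, `fetchVulnerable` and `fetchPinned` are chosen here and are not the project's.

```php
<?php
declare(strict_types=1);

// Added example, not Admidio code. True only for public unicast addresses:
// rejects RFC 1918, loopback, link-local (incl. 169.254.169.254) and reserved ranges.
function isPublicIp(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

// VULNERABLE (the incomplete-fix pattern the advisory describes): the address that
// was checked is not necessarily the address curl connects to, because curl resolves
// the hostname a second time and an attacker-controlled nameserver can answer with a
// public IP first and an internal one afterwards (DNS rebinding, a TOCTOU race).
function fetchVulnerable(string $url): string|false
{
    $host = (string) parse_url($url, PHP_URL_HOST);
    $ip = gethostbyname($host);            // resolution #1: validated
    if (!isPublicIp($ip)) {
        return false;
    }
    $ch = curl_init($url);                 // resolution #2: unvalidated, inside curl
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// HARDENED: resolve once, validate every answer, then pin curl to one validated
// address with CURLOPT_RESOLVE so the socket cannot go anywhere else. Redirects are
// not followed: a 3xx to an internal URL would otherwise reopen the hole.
function fetchPinned(string $url): string|false
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])
        || !in_array($p['scheme'], ['http', 'https'], true)) {
        return false;
    }
    $host = $p['host'];
    $port = $p['port'] ?? ($p['scheme'] === 'https' ? 443 : 80);

    $records = @dns_get_record($host, DNS_A | DNS_AAAA);
    if (!$records) {
        return false;
    }
    $ips = [];
    foreach ($records as $r) {
        $ips[] = $r['ip'] ?? $r['ipv6'];
    }
    // One non-public answer rejects the whole name: the attacker chooses which wins.
    foreach ($ips as $ip) {
        if (!isPublicIp($ip)) {
            return false;
        }
    }
    // CURLOPT_RESOLVE entries are "host:port:address"; IPv6 literals go in brackets.
    $pin = str_contains($ips[0], ':') ? "[{$ips[0]}]" : $ips[0];

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$host}:{$port}:{$pin}"],
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}
```

Because the URL handed to curl is unchanged, the Host header and TLS SNI still carry the original hostname; only the socket destination is fixed to the address that passed the check. Pinning closes the rebinding window but not a redirect to an internal address, which is why CURLOPT_FOLLOWLOCATION stays off; if redirects are required, each hop has to be resolved, validated and pinned again.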

CVSS 6.8 · AI score 5.7 · EPSS 0.00236 · Exploits 1 · References 2
CVE · added 2026/05/07 3:00 a.m.

CVE-2026-41671

Admidio prior to version 5.0.9 contains a vulnerability in its OIDC token introspection (/modules/sso/index.php/oidc/introspect) and revocation (/oidc/revoke) endpoints. The introspection endpoint always returns {"active": true} and the revocation endpoint returns {"revoked": true} without authen...
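An introspection/revocation pair that behaves the way RFC 7662 and RFC 7009 require, as an added PHP example rather than Admidio's endpoint code: the client is authenticated before anything else, and the introspection answer comes from a token lookup instead of being a constant. The in-memory client and token tables, the sample tokens and the function names are all constructed for this example.

```php
<?php
declare(strict_types=1);

// Added example, not Admidio's endpoint code. Hypothetical in-memory stores with
// constructed sample data: confidential clients and the tokens issued to them.
const CLIENTS = ['client-a' => ['secret' => 's3cr3t-a']];
$tokens = [
    'tok-live'    => ['client_id' => 'client-a', 'sub' => 'alice', 'exp' => PHP_INT_MAX, 'revoked' => false],
    'tok-expired' => ['client_id' => 'client-a', 'sub' => 'bob',   'exp' => 1,           'revoked' => false],
];

// Client authentication (credentials from HTTP Basic or form params, decoded by the caller).
function authenticateClient(?string $id, ?string $secret): bool
{
    if ($id === null || $secret === null || !isset(CLIENTS[$id])) {
        return false;
    }
    return hash_equals(CLIENTS[$id]['secret'], $secret);   // constant-time compare
}

// RFC 7662 introspection. Unauthenticated callers get 401; unknown, expired and
// revoked tokens all collapse to {"active": false}, and "active" is only ever true
// after a real lookup, never as a fixed response.
function introspect(array $tokens, ?string $clientId, ?string $clientSecret, ?string $token, int $now): array
{
    if (!authenticateClient($clientId, $clientSecret)) {
        return ['status' => 401, 'body' => ['error' => 'invalid_client']];
    }
    $t = $token === null ? null : ($tokens[$token] ?? null);
    if ($t === null || $t['revoked'] || $t['exp'] <= $now) {
        return ['status' => 200, 'body' => ['active' => false]];
    }
    return ['status' => 200, 'body' => [
        'active' => true, 'sub' => $t['sub'], 'client_id' => $t['client_id'], 'exp' => $t['exp'],
    ]];
}

// RFC 7009 revocation. Authenticate first; only tokens issued to the calling client
// are revoked. The response is 200 whether or not the token existed, so the endpoint
// does not confirm validity to a caller who merely guessed a token.
function revoke(array &$tokens, ?string $clientId, ?string $clientSecret, ?string $token): array
{
    if (!authenticateClient($clientId, $clientSecret)) {
        return ['status' => 401, 'body' => ['error' => 'invalid_client']];
    }
    if ($token !== null && isset($tokens[$token]) && $tokens[$token]['client_id'] === $clientId) {
        $tokens[$token]['revoked'] = true;
    }
    return ['status' => 200, 'body' => []];
}

// Stand-alone run: no auth -> 401; expired -> inactive; live -> active; revoke -> inactive.
$now = time();
$cases = [
    introspect($tokens, null, null, 'tok-live', $now),
    introspect($tokens, 'client-a', 's3cr3t-a', 'tok-expired', $now),
    introspect($tokens, 'client-a', 's3cr3t-a', 'tok-live', $now),
];
revoke($tokens, 'client-a', 's3cr3t-a', 'tok-live');
$cases[] = introspect($tokens, 'client-a', 's3cr3t-a', 'tok-live', $now);
foreach ($cases as $c) {
    echo $c['status'], ' ', json_encode($c['body']), PHP_EOL;
}
```

The two properties that matter when reviewing such endpoints are visible in the control flow: no branch reaches a token decision without `authenticateClient` succeeding, and `['active' => true]` is built only from a record that was found, unexpired and unrevoked.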

CVSS 6.8 · AI score 5.8 · EPSS 0.00323 · Exploits 0 · References 2
ATTACKERKB · added 2026/05/07 3:00 a.m.

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...
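Validating AssertionConsumerServiceURL against the SP's registered metadata instead of trusting the request, as an added PHP example that is not Admidio's SSO module: the AuthnRequest is parsed defensively, the Issuer selects the registered SP, and the response destination is accepted only when it exactly matches an ACS URL from that SP's metadata (or falls back to the registered default when the request omits it). REGISTERED_SPS, parseAuthnRequest, resolveAcsUrl and the two sample requests are assumptions made here.

```php
<?php
declare(strict_types=1);

// Added example, not Admidio's SSO code. Hypothetical registry: SP entityID => the
// ACS URLs that SP declared in its metadata when it was registered at the IdP.
// Nothing taken from the request itself is trusted for routing the response.
const REGISTERED_SPS = [
    'https://sp.example.org/saml/metadata' => [
        'https://sp.example.org/saml/acs',
        'https://sp.example.org/saml/acs-alt',
    ],
];

// Pull Issuer and the optional AssertionConsumerServiceURL out of an AuthnRequest
// (already base64-decoded/inflated by the binding layer).
function parseAuthnRequest(string $xml): array
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $ok = $doc->loadXML($xml, LIBXML_NONET);   // never fetch anything over the network
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok) {
        throw new InvalidArgumentException('malformed AuthnRequest');
    }
    foreach ($doc->childNodes as $n) {         // refuse DOCTYPE (XXE / entity expansion)
        if ($n->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new InvalidArgumentException('DOCTYPE not allowed');
        }
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $req = $xp->query('/samlp:AuthnRequest')->item(0);
    if (!$req instanceof DOMElement) {
        throw new InvalidArgumentException('not an AuthnRequest');
    }
    return [
        'issuer' => trim((string) $xp->evaluate('string(saml:Issuer)', $req)),
        'acs'    => $req->hasAttribute('AssertionConsumerServiceURL')
                        ? $req->getAttribute('AssertionConsumerServiceURL') : null,
    ];
}

// Where may the SAMLResponse be POSTed? null means the request is rejected.
function resolveAcsUrl(array $registry, string $issuer, ?string $requestedAcs): ?string
{
    $allowed = $registry[$issuer] ?? null;
    if ($allowed === null) {
        return null;                       // unknown SP
    }
    if ($requestedAcs === null) {
        return $allowed[0];                // registered default
    }
    // Exact, case-sensitive comparison against the registered list. Prefix or
    // host-only checks are bypassable (https://sp.example.org.attacker.tld/,
    // userinfo tricks, path traversal), so only string identity counts.
    return in_array($requestedAcs, $allowed, true) ? $requestedAcs : null;
}

// Constructed sample requests for a stand-alone run (not captured traffic): the
// second keeps the legitimate Issuer but points the ACS at an attacker host.
$legit = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
       . ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0"'
       . ' IssueInstant="2026-05-07T00:00:00Z"'
       . ' AssertionConsumerServiceURL="https://sp.example.org/saml/acs-alt">'
       . '<saml:Issuer>https://sp.example.org/saml/metadata</saml:Issuer></samlp:AuthnRequest>';
$evil = str_replace('https://sp.example.org/saml/acs-alt', 'https://attacker.example/collect', $legit);

foreach (['legit' => $legit, 'evil' => $evil] as $label => $xml) {
    $r = parseAuthnRequest($xml);
    $dest = resolveAcsUrl(REGISTERED_SPS, $r['issuer'], $r['acs']);
    echo $label, ': ', $dest ?? 'REJECT', PHP_EOL;
}
```

This check is independent of request signature verification: even an unsigned AuthnRequest with a genuine Issuer can only route the response to a URL the real SP registered, so the worst an attacker obtains is a response delivered to the legitimate SP rather than to a collector they control.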

CVSS 8.2 · AI score 5.9 · EPSS 0.0028 · Exploits 0 · References 3 · Affected Software 1
ATTACKERKB · added 2026/05/07 2:58 a.m.

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check, isAdministratorUsers (which requires only rol_edit_user=true), than the frontend UI contacts.php, which correctly requires the stronger isAdministrator, requiring...

CVSS 4.9 · AI score 5.8 · EPSS 0.00322 · Exploits 0 · References 3 · Affected Software 1
OSSF Malicious Packages · added 2025/11/02 7:57 p.m.

Malicious code in web3-1-4 (npm)

The package web3-1-4 was found to contain malicious code. Sources: amazon-inspector (f8b0f3301c4d4556f7e8700121e0fa272e12f9fa0f75868720564356cdde51ed), ossf-package-analysis...

AI score 7.2 · Exploits 0
CNNVD · added 2025/05/16 12:00 a.m.

SAMSUNG Galaxy Watch3 Plugin trust management vulnerability

The SAMSUNG Galaxy Watch3 Plugin is a component of the Galaxy Wearable application from Samsung (South Korea). A security vulnerability exists in SAMSUNG Galaxy Watch3 Plugin version 5.0.9 that stems from not properly validating TLS certificates, which could allow a man-in-the-middle attack...

CVSS 5.9 · AI score 6.5 · EPSS 0.00251 · Exploits 1 · References 2
Positive Technologies · added 2024/02/22 12:00 a.m.

PT-2024-21288 · Basercms · Basercms

Name of the vulnerable software and affected versions: baserCMS versions prior to 5.0.9. Description: a cross-site scripting vulnerability in the content management feature of baserCMS allows malicious code to be executed. Recommendations: For versions...

CVSS 5.4 · AI score 6.5 · EPSS 0.00572 · Exploits 0 · References 8