817 matches found
Apache ActiveMQ <=5.15.5 - Cross-Site Scripting
Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter. id: CVE-2018-8006 info: name: Apache ActiveMQ =5.15.5 - Cross-Site...
CVE-2026-50224
The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...
CVE-2026-50224 Unauthenticated IPv6 WAN Management Exposure
The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...
CVE-2026-50224
CVE-2026-50224 describes that the web administration panel binds broadly to the public IPv6 space on port [::]:8080 with no default firewall limits, making internal API endpoints reachable over the WAN. The NVD entry cites a network attack vector with low exploit complexity and no user interactio...
CVE-2025-41267
The CVE-2025-41267 entry concerns Nozomi Networks’ Waterfall WF-500 TX Host (Administration WebUI), affected version 7.9.1.0 R2502171040. It reports a CWE-78 OS Command Injection in the Administration WebUI that can be triggered by remote authenticated attackers to execute arbitrary operating sys...
EUVD-2026-28591
Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...
CVE-2026-8077 Weak credentials vulnerability in the CashDro 3 web administration panel
Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...
CVE-2026-8077 Weak credentials vulnerability in the CashDro 3 web administration panel
Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...
CVE-2026-8076
CVE-2026-8076 concerns the CashDro 3 web administration panel (version 24.01.00.26). The identified issue is weak credentials enabling PIN-based authentication, which supports numeric PINs compatible with POS integrations dating back to 2012. This design allows an attacker to perform brute-force ...
CVE-2026-8076 Weak credentials vulnerability in the CashDro 3 web administration panel
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...
CVE-2026-8076
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...
IBM i Web Administration GUI Elevation of Privilege Vulnerability
IBM i is an integrated operating system developed by IBM for use on IBM Power Systems servers, providing database, network, and application services. An elevation of privilege vulnerability exists in IBM i. The vulnerability stems from an invalid authorization check in the Web Administration GUI...
CVE-2026-2311
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2026-2311
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
EUVD-2026-26440
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2026-2311
CVE-2026-2311 affects IBM i releases 7.6, 7.5, 7.4, 7.3, and 7.2. The root cause is an invalid authorization check in the IBM i Web Administration GUI, enabling privilege escalation where a malicious actor could cause user‑controlled code to execute with administrator privileges. Impact is high (...
CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
PT-2026-36207
Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.6 Description An invalid authorization check in the IBM i Web Administration GUI allows for privilege escalation. This flaw enables a malicious actor to execute user-controlled code with administrator privileges...
IBM i 访问控制错误漏洞
IBM i is an integrated operating system developed by IBM for use on IBM Power Systems servers, providing database, network, and application services. An elevation of privilege vulnerability exists in IBM i. The vulnerability stems from an invalid authorization check in the Web Administration GUI...