| CVE-2026-42194 |
medium |
6.8 |
6.8 |
22d ago |
Admidio has an incomplete fix for CVE-2026-32812 (SSRF) |
|
| CVE-2026-41671 |
medium |
6.8 |
6.8 |
28d ago |
Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation |
|
| CVE-2026-41658 |
medium |
6.5 |
6.5 |
28d ago |
Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items |
|
| CVE-2026-41655 |
medium |
6.5 |
6.5 |
28d ago |
Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials |
|
| CVE-2026-41661 |
medium |
6.1 |
6.1 |
28d ago |
Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion |
|
| CVE-2026-41662 |
medium |
5.2 |
5.2 |
28d ago |
Admidio Missing Minimum Administrator Check in Role Membership Removal |
|
| CVE-2026-41657 |
medium |
4.9 |
4.9 |
28d ago |
Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php |
|
| CVE-2026-41656 |
medium |
4.5 |
4.5 |
28d ago |
Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read |
|
| CVE-2026-41663 |
low |
3.5 |
3.5 |
28d ago |
Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send |
|
| CVE-2026-41659 |
low |
2.7 |
2.7 |
28d ago |
Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment |
|