| CVE-2026-41670 | high | 8.2 | 8.2 | 28d ago | Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest |
| CVE-2026-41669 | high | 8.2 | 8.2 | 28d ago | Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests |
| CVE-2026-41660 | high | 7.1 | 7.1 | 28d ago | Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP |
| CVE-2026-42194 | medium | 6.8 | 6.8 | 22d ago | Admidio has an incomplete fix for CVE-2026-32812 (SSRF) |
| CVE-2026-41671 | medium | 6.8 | 6.8 | 28d ago | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation |
| CVE-2026-41658 | medium | 6.5 | 6.5 | 28d ago | Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items |
| CVE-2026-41655 | medium | 6.5 | 6.5 | 28d ago | Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials |
| CVE-2026-41661 | medium | 6.1 | 6.1 | 28d ago | Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion |
| CVE-2026-41662 | medium | 5.2 | 5.2 | 28d ago | Admidio Missing Minimum Administrator Check in Role Membership Removal |
| CVE-2026-41657 | medium | 4.9 | 4.9 | 28d ago | Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php |
| CVE-2026-41656 | medium | 4.5 | 4.5 | 28d ago | Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read |
| CVE-2017-8382 | medium | 4.5 | 4.5 | 9y ago | admidio CSRF Vulnerability |
| CVE-2026-41663 | low | 3.5 | 3.5 | 28d ago | Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send |
| CVE-2026-41659 | low | 2.7 | 2.7 | 28d ago | Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment |
| CVE-2026-34383 | unknown | — | — | 2mo ago | Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter |
| CVE-2026-34384 | unknown | — | — | 2mo ago | Admidio has Missing CSRF Protection on Registration Approval Actions |
| CVE-2026-34382 | unknown | — | — | 2mo ago | Admidio has Missing CSRF Protections on Custom List Deletion in mylist_function.php |
| CVE-2026-34381 | unknown | — | — | 2mo ago | Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess |
| CVE-2026-32813 | unknown | — | — | 2mo ago | Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) |
| CVE-2026-32818 | unknown | — | — | 2mo ago | Admidio is Missing Authorization on Forum Topic and Post Deletion |
| CVE-2026-32757 | unknown | — | — | 2mo ago | Admidio has an HTMLPurifier Bypass in eCard Message Allows HTML Email Injection |
| CVE-2026-32817 | unknown | — | — | 2mo ago | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion |
| CVE-2026-32812 | unknown | — | — | 2mo ago | Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint |
| CVE-2026-32755 | unknown | — | — | 2mo ago | Admidio is Missing CSRF Protection on Role Membership Date Changes |
| CVE-2026-32816 | unknown | — | — | 2mo ago | Admidio is Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions |
| CVE-2026-32756 | unknown | — | — | 2mo ago | File Upload(RCE) Vulnerability in admidio |
| CVE-2026-30927 | unknown | — | — | 3mo ago | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter |
| CVE-2025-62617 | unknown | — | — | 7mo ago | Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality |
| CVE-2024-47836 | unknown | — | — | 2y ago | Admidio Vulnerable to HTML Injection In The Messages Section |
| CVE-2024-38529 | unknown | — | — | 2y ago | Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment |
| CVE-2024-37906 | unknown | — | — | 2y ago | Admidio has Blind SQL Injection in ecard_send.php |
| CVE-2023-47380 | unknown | — | — | 3y ago | Cross-site Scripting in Admidio |
| CVE-2023-4190 | unknown | — | — | 3y ago | Admidio Insufficient Session Expiration vulnerability |
| CVE-2023-3692 | unknown | — | — | 3y ago | Admidio vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2023-3303 | unknown | — | — | 3y ago | Admidio Improper Access Control vulnerability |
| CVE-2023-3304 | unknown | — | — | 3y ago | Admidio Improper Access Control vulnerability |
| CVE-2023-3302 | unknown | — | — | 3y ago | Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability |
| CVE-2023-3109 | unknown | — | — | 3y ago | Admidio vulnerable to Cross-site Scripting |
| CVE-2022-23896 | unknown | — | — | 4y ago | Cross-site Scripting in admidio |
| CVE-2022-0991 | unknown | — | — | 4y ago | Insufficient Session Expiration in Admidio |