| CVE-2026-42194 | medium | 6.8 | 6.8 | | | | 1mo ago | Admidio has an incomplete fix for CVE-2026-32812 (SSRF) |
| CVE-2026-41671 | medium | 6.8 | 6.8 | | | | 1mo ago | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation |
| CVE-2026-41658 | medium | 6.5 | 6.5 | | | | 1mo ago | Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items |
| CVE-2026-41655 | medium | 6.5 | 6.5 | | | | 1mo ago | Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials |
| CVE-2026-41661 | medium | 6.1 | 6.1 | | | | 1mo ago | Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion |
| CVE-2017-8382 | medium | 4.5 | 5.5 | | | | 9y ago | admidio CSRF Vulnerability |
| CVE-2026-41662 | medium | 5.2 | 5.2 | | | | 1mo ago | Admidio Missing Minimum Administrator Check in Role Membership Removal |
| CVE-2026-41657 | medium | 4.9 | 4.9 | | | | 1mo ago | Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php |
| CVE-2026-41656 | medium | 4.5 | 4.5 | | | | 1mo ago | Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read |
| CVE-2026-47233 | unknown | — | — | | | | 6d ago | Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024 |
| CVE-2026-47234 | unknown | — | — | | | | 6d ago | Admidio writes session IDs and auto-login cookie values to application logs |
| CVE-2026-47232 | unknown | — | — | | | | 6d ago | Admidio PKCS#12 private key export action lacks CSRF protection |
| CVE-2026-47231 | unknown | — | — | | | | 6d ago | Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders |
| CVE-2026-47230 | unknown | — | — | | | | 6d ago | Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders |
| CVE-2026-47229 | unknown | — | — | | | | 6d ago | Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation |
| CVE-2026-47228 | unknown | — | — | | | | 6d ago | Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords |
| CVE-2026-47227 | unknown | — | — | | | | 6d ago | Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php` |
| CVE-2026-47226 | unknown | — | — | | | | 6d ago | Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges |