| CVE-2026-47233 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024 |
| CVE-2026-47234 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio writes session IDs and auto-login cookie values to application logs |
| CVE-2026-47232 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio PKCS#12 private key export action lacks CSRF protection |
| CVE-2026-47231 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders |
| CVE-2026-47230 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders |
| CVE-2026-47229 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation |
| CVE-2026-47228 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords |
| CVE-2026-47227 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php` |
| CVE-2026-47226 |
unknown |
— |
— |
|
|
|
6d ago |
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges |
