| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34384 | Admidio: Missing CSRF Protection on Registration Approval Actions | Admidio | admidio | Medium | 4.5 | 2026-03-31 20:34:38 | Deep Dive |
| CVE-2026-34383 | Admidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter | Admidio | admidio | Medium | 4.3 | 2026-03-31 20:33:41 | Deep Dive |
| CVE-2026-34382 | Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php | Admidio | admidio | Medium | 4.6 | 2026-03-31 20:32:35 | Deep Dive |
| CVE-2026-34381 | Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess | Admidio | admidio | High | 7.5 | 2026-03-31 20:31:23 | Deep Dive |
| CVE-2026-32813 | Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter) | Admidio | admidio | High | 8.0 | 2026-03-20 02:09:08 | Deep Dive |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion | Admidio | admidio | Critical | 9.1 | 2026-03-20 02:01:22 | Deep Dive |
| CVE-2026-32812 | Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint | Admidio | admidio | Medium | 6.8 | 2026-03-20 01:58:05 | Deep Dive |
| CVE-2026-32757 | Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection | Admidio | admidio | Medium | 5.4 | 2026-03-19 23:12:38 | Deep Dive |
| CVE-2026-32756 | Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module | Admidio | admidio | High | 8.8 | 2026-03-19 23:08:03 | Deep Dive |
| CVE-2026-32818 | Admidio is Missing Authorization on Forum Topic and Post Deletion | Admidio | admidio | Medium | 6.5 | 2026-03-19 23:00:40 | Deep Dive |
| CVE-2026-32816 | Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions | Admidio | admidio | Medium | 5.7 | 2026-03-19 22:57:19 | Deep Dive |
| CVE-2026-32755 | Admidio is Missing CSRF Protection on Role Membership Date Changes | Admidio | admidio | Medium | 5.7 | 2026-03-19 22:53:09 | Deep Dive |
| CVE-2026-30927 | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter | Admidio | admidio | - | - | 2026-03-09 23:03:56 | Deep Dive |
| CVE-2025-62617 | Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality | Admidio | admidio | High | 7.2 | 2025-10-22 21:19:01 | Deep Dive |
| CVE-2024-47836 | Admidio vulnerable to HTML Injection In The Messages Section | Admidio | admidio | Low | 3.5 | 2024-10-16 19:43:08 | Deep Dive |
| CVE-2024-38529 | Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment | Admidio | admidio | Critical | 9.0 | 2024-07-29 14:29:51 | Deep Dive |
| CVE-2024-37906 | Admidio has Blind SQL Injection in ecard_send.php | Admidio | admidio | Critical | 9.9 | 2024-07-29 14:22:57 | Deep Dive |
| CVE-2023-4190 | Insufficient Session Expiration in admidio/admidio | admidio | admidio/admidio | 中危 | - | 2023-08-06 00:00:20 | Deep Dive |
| CVE-2023-3692 | Unrestricted Upload of File with Dangerous Type in admidio/admidio | admidio | admidio/admidio | 高危 | - | 2023-07-16 00:00:20 | Deep Dive |
| CVE-2023-3304 | Improper Access Control in admidio/admidio | admidio | admidio/admidio | 中危 | - | 2023-06-23 00:00:00 | Deep Dive |