admidio

Top products

The 15 most recently published vulnerabilities affecting admidio.

• CVE-2018-25370Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php5.3May 25, 2026
• CVE-2026-42194Incomplete fix for CVE-2026-32812: SSRF in admidio6.8May 7, 2026
• CVE-2026-41671Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation6.8May 7, 2026
• CVE-2026-41670Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest8.2May 7, 2026
• CVE-2026-41669Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed8.2May 7, 2026
• CVE-2026-41663Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send3.5May 7, 2026
• CVE-2026-41662Admidio: Missing Minimum Administrator Check in Role Membership Removal5.2May 7, 2026
• CVE-2026-41661Admidio: Reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion6.1May 7, 2026
• CVE-2026-41660Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP7.1May 7, 2026
• CVE-2026-41659Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment2.7May 7, 2026
• CVE-2026-41658Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items6.5May 7, 2026
• CVE-2026-41657Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php4.9May 7, 2026
• CVE-2026-41656Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read4.5May 7, 2026
• CVE-2026-41655Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials6.5May 7, 2026
• CVE-2026-34384Admidio: Missing CSRF Protection on Registration Approval Actions4.5Mar 31, 2026