admidio/admidio vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-47233 | Medium | admidio/admidio: Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of… |
| CVE-2026-47234 | Medium | admidio/admidio: Admidio writes session IDs and auto-login cookie values to application logs |
| CVE-2026-47232 | Medium | admidio/admidio: Admidio PKCS#12 private key export action lacks CSRF protection |
| CVE-2026-47231 | High | admidio/admidio: Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate… |
| CVE-2026-47230 | Medium | admidio/admidio: Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by… |
| CVE-2026-47229 | Medium | admidio/admidio: Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation |
| CVE-2026-47228 | Medium | admidio/admidio: Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords |
| CVE-2026-47227 | Medium | admidio/admidio: Admidio module-administrator can delete or reorder categories owned by other modules via dead… |
| CVE-2026-47226 | Medium | admidio/admidio: Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated… |
| CVE-2026-42194 | Medium | admidio/admidio: Admidio has an incomplete fix for CVE-2026-32812 (SSRF) |
| CVE-2026-41671 | Medium | admidio/admidio: Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation |
| CVE-2026-41670 | High | admidio/admidio: Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest |
| CVE-2026-41669 | High | admidio/admidio: Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests |
| CVE-2026-41663 | Low | admidio/admidio: Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email… |
| CVE-2026-41662 | Medium | admidio/admidio: Admidio Missing Minimum Administrator Check in Role Membership Removal |
| CVE-2026-41661 | Medium | admidio/admidio: Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion |
| CVE-2026-41660 | High | admidio/admidio: Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP |
| CVE-2026-41659 | Low | admidio/admidio: Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment |
| CVE-2026-41658 | Medium | admidio/admidio: Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated… |
| CVE-2026-41657 | Medium | admidio/admidio: Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php |
| CVE-2026-41656 | Medium | admidio/admidio: Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables… |
| CVE-2026-41655 | Medium | admidio/admidio: Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including… |
| CVE-2026-34383 | Medium | admidio/admidio: Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter |
| CVE-2026-34384 | Medium | admidio/admidio: Admidio has Missing CSRF Protection on Registration Approval Actions |
| CVE-2026-34382 | Medium | admidio/admidio: Admidio has Missing CSRF Protections on Custom List Deletion in mylist_function.php |
