
20 matches found

RedhatCVE
added 2026/01/09 10:33 a.m. · 5 views

CVE-2017-18478

In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207)...

CVSS 6.5 · AI score 7 · EPSS 0.00367
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-19275

Malware in sbrugna...

CVSS 8.8 · AI score 7.8 · EPSS 0.0032
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-9594

Malware in sbrugna...

CVSS 6.5 · AI score 6.6 · EPSS 0.00367
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/21 12:0 a.m. · 4 views

PT-2025-34239

Name of the Vulnerable Software and Affected Versions: SpamTitan Email Security Gateway versions 8.00.0 through 8.00.100; SpamTitan Email Security Gateway versions 8.01.0 through 8.01.13. Description: The quarantine.php file within the SpamTitan interface allows unauthenticated users to trigger...

CVSS 9.1 · AI score 6.4 · EPSS 0.0041
Exploits: 0 · References: 9
RedhatCVE
added 2025/05/23 3:55 a.m. · 5 views

CVE-2023-34228

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions...

CVSS 6.5 · AI score 7.1 · EPSS 0.00004
Exploits: 0
RedhatCVE
added 2025/05/22 7:3 a.m. · 3 views

CVE-2018-10503

An issue was discovered in index.php in baijiacms V4 v41420170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser...

CVSS 8.8 · AI score 7.2 · EPSS 0.00134
Exploits: 1 · References: 1
Metasploit
added 2024/12/10 6:54 p.m. · 282 views

SAMR Account Management

Add, lookup and delete user / machine accounts via MS-SAMR. By default standard active directory users can add up to 10 new computers to the domain (MachineAccountQuota). Administrative privileges however are required to delete the created accounts, or to create/delete user accounts. Module Options...

AI score 5.5
Exploits: 0
Positive Technologies
added 2024/04/08 12:0 a.m. · 2 views

PT-2024-23262 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4 HANA affected versions not specified. Description: The issue is related to the Cash Management component in SAP S/4 HANA, which fails to perform necessary authorization checks for an authenticated user. This results in an escalation of...

CVSS 4.3 · AI score 7.2 · EPSS 0.0007
Exploits: 0 · References: 4
Positive Technologies
added 2023/10/06 12:0 a.m. · 3 views

PT-2023-27537 · Cluevo · Cluevo Lms

Name of the Vulnerable Software and Affected Versions: CLUEVO CLUEVO LMS, E-Learning Platform plugin versions = 1.10.0. Description: A Cross-Site Request Forgery (CSRF) issue affects the CLUEVO CLUEVO LMS, E-Learning Platform plugin. This issue allows an attacker to perform unintended actions on a...

CVSS 8.8 · AI score 8.9 · EPSS 0.0007
Exploits: 0 · References: 6
NVD
added 2023/05/31 2:15 p.m. · 10 views

CVE-2023-34228

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions...

CVSS 6.5 · AI score 6.3 · EPSS 0.00004
Exploits: 0 · References: 1
Prion
added 2023/05/31 2:15 p.m. · 10 views

Authentication flaw

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions...

CVSS 4 · AI score 6.7 · EPSS 0.00004
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/05/31 1:3 p.m. · 8 views

CVE-2023-34228

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions...

CVSS 5.3 · AI score 7.4 · EPSS 0.00004
Exploits: 0 · References: 1
SUSE CVE
added 2023/02/15 3:28 a.m. · 1 views

SUSE CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. This bug only affects...

CVSS 8.8 · AI score 8.4 · EPSS 0.00235
Exploits: 0 · References: 4
OSV
added 2022/12/22 8:15 p.m. · 1 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. This bug only affects...

CVSS 8.8 · AI score 7.3 · EPSS 0.00235
Exploits: 0 · References: 2
AlpineLinux
added 2022/12/22 12:0 a.m. · 42 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. This bug only affects...

CVSS 8.8 · AI score 8.5 · EPSS 0.00235
Exploits: 0
OSV
added 2019/09/16 6:15 p.m. · 0 views

UBUNTU-CVE-2019-15737

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management...

CVSS 6.5 · AI score 5.8 · EPSS 0.00321
Exploits: 0 · References: 3
Debian CVE
added 2019/09/16 5:2 p.m. · 18 views

CVE-2019-15737

Removed by vendor...

CVSS 6.5 · AI score 6.6 · EPSS 0.00321
Exploits: 0
Prion
added 2019/04/10 5:29 p.m. · 12 views

Arbitrary file deletion

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app...

CVSS 6 · AI score 8.8 · EPSS 0.00386
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2014/01/12 3:0 p.m. · 13 views

CVE-2013-6028

Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service...

AI score 7.2 · EPSS 0.00307
Exploits: 0 · References: 3
Exploit DB
added 2005/07/10 12:0 a.m. · 126 views

Hosting Controller 0.6.1 HotFix 2.1 - Change Credit Limit

Hi, I'm Soroush Dalili from GSG GrayHatz Security Group. Title: Hosting controller program have a security bug in "AccountActions.asp" that an authenticated user can change his/her credit and buy some services! Version: 6.1 HotFix 2.1 and older Developer url: hostingcontroller.com Comment: Hostin...

AI score 7.4
Exploits: 0