Lucene search
+L

35 matches found

nessus
nessus
added 3 days ago5 views

Zoom Workplace VDI Client < 7.0.10 Vulnerability (ZSB-26014)

The version of Zoom Workplace VDI Client installed on the remote host is prior to 7.0.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-26014 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.8CVSS6.2AI score
Exploits0References2
patchstack
patchstack
added 2026/01/29 8:8 a.m.8 views

WordPress Booked plugin <= 3.0.0 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Booked versions = 3.0.0...

5.4CVSS5.9AI score0.00354EPSS
Exploits0Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-18250

Malware in sbrugna...

9.8CVSS9.2AI score0.0156EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0038

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00679EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-8784

Malicious code in bioql PyPI...

7.9CVSS6.7AI score0.00254EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5372

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01358EPSS
Exploits1References4
exploitdb
exploitdb
added 2025/07/08 12:0 a.m.263 views

Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover

Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover Date: October 25, 2024 Exploit Author: stealthcopter Vendor Homepage: https://stacksmarket.co/ Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/ Version: = 5.2.3 Tested on: Ubuntu...

9.8CVSS6.6AI score0.07959EPSS
Exploits3
nvd
nvd
added 2025/07/07 4:15 p.m.21 views

CVE-2025-53373

Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b...

9.3CVSS0.00299EPSS
Exploits0References2
cve
cve
added 2025/07/07 3:38 p.m.30 views

CVE-2025-53373

Natours (Tour Booking API) has a Host header injection vulnerability in the /forgetpassword endpoint that lets an attacker take over a victim's account by supplying an attacker-controlled server domain. The issue is mitigated by the fix in commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b. Affected...

9.3CVSS6.4AI score0.00299EPSS
Exploits0References2
cvelist
cvelist
added 2025/06/03 4:22 a.m.16 views

CVE-2025-4797 Golo <= 1.7.0 - Authentication Bypass to Account Takeover

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it...

9.8CVSS0.00434EPSS
Exploits0References2
osv
osv
added 2025/05/29 8:59 p.m.3 views

GO-2025-3721 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection in github.com/zitadel/zitadel

ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

8.8CVSS7.3AI score0.00358EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/22 7:36 p.m.17 views

CVE-2021-29487

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

7.4CVSS7.1AI score0.00895EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 5:6 p.m.13 views

CVE-2020-9384

An Insecure Direct Object Reference IDOR vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the applicati...

8.8CVSS6.6AI score0.01902EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 3:9 p.m.7 views

CVE-2020-10074

GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link...

9.8CVSS6.6AI score0.01276EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 8:26 a.m.8 views

CVE-2019-14481

AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery CSRF vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover...

5.8CVSS7AI score0.00439EPSS
Exploits1References1
cvelist
cvelist
added 2025/05/21 10:11 p.m.16 views

CVE-2025-48070 Plane has insecure permissions in UserSerializer

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

3.5CVSS0.00227EPSS
Exploits1References2
nvd
nvd
added 2025/05/17 7:15 p.m.22 views

CVE-2025-47945

Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens JWT for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate...

9.8CVSS0.00575EPSS
Exploits1References3
cvelist
cvelist
added 2025/05/12 10:30 a.m.34 views

CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base KB articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

8.4CVSS0.00314EPSS
Exploits1References2
hackerone
hackerone
added 2025/04/07 9:59 p.m.223 views

hostinger : 1 Click Account Takeover via Auth Token Theft on marketing.hostinger.com

The vulnerability discovered in the marketing.hostinger.com subdomain allowed for one-click account takeover through the theft of authentication tokens. An attacker could exploit the whitelisted redirect functionality of the subdomain to steal a victim's authentication token, which could then be...

7.4AI score
Exploits0
nvd
nvd
added 2025/03/17 7:15 a.m.10 views

CVE-2025-1724

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token...

7.4CVSS0.01214EPSS
Exploits0References2
Rows per page
Query Builder