
2411 matches found

Nuclei
added 14 hours ago | 396 views

JFrog Artifactory 6.7.3 - Admin Login Bypass

JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allo...

CVSS 9.8 | AI score 7.2 | EPSS 0.53879
Exploits 3 | References 5

Nuclei
added 2 days ago | 38 views

Palo Alto Expedition - Admin Account Takeover

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. id: CVE-2024-5910 info: name: Palo Alto Expedition - Admin Account Takeover author: johnk3r severity: critical...

CVSS 9.8 | AI score 7.4 | EPSS 0.91783
Exploits 9 | References 3

Nuclei
added 3 days ago | 15 views

SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation

SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. id: CVE-2021-20021 info: name: SonicWall Email Security = 10.0.9.x - Unauthenticated Admin Account Creation author: pussycat0x severity: critical...

CVSS 9.8 | AI score 7.6 | EPSS 0.83425
Exploits 0 | References 2

EUVD
added 2026/06/27 4:30 a.m. | 9 views

EUVD-2026-39943

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...

CVSS 9.8 | AI score 5.8 | EPSS 0.00662
Exploits 0 | References 4

EUVD
added 2026/06/27 12:30 a.m. | 11 views

EUVD-2026-39925

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...

CVSS 9.3 | AI score 5.8 | EPSS 0.0045
Exploits 0 | References 3

NVD
added 2026/06/26 11:17 p.m. | 13 views

CVE-2026-31928

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...

CVSS 9.3 | EPSS 0.0045
Exploits 0 | References 2

CVE
added 2026/06/26 10:52 p.m. | 16 views

CVE-2026-31928

The CVE-2026-31928 entry concerns DMP-5000 devices shipped with a default administrative web account and weak authentication controls that are not required to be changed during initial configuration or operation, enabling full system access if exploited. The issue is tied to hard-coded/default cr...

CVSS 9.3 | AI score 5.8 | EPSS 0.0045
Exploits 0 | References 2

Cvelist
added 2026/06/26 10:52 p.m. | 35 views

CVE-2026-31928 Daktronics Controller Firmware Use of Hard-coded Credentials

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...

CVSS 9.3 | EPSS 0.0045
Exploits 0 | References 2

Positive Technologies
added 2026/06/26 12:0 a.m. | 13 views

PT-2026-52988

Name of the Vulnerable Software and Affected Versions: DMP-5000 (affected versions not specified). Description: Devices are shipped with a default administrative web account that utilizes weak authentication controls. These credentials are not required to be changed during the initial configuration or...

CVSS 9.3 | AI score 5.8 | EPSS 0.0045
Exploits 0 | References 7

CVE
added 2026/06/25 7:8 p.m. | 18 views

CVE-2026-57520

Bitwarden Server prior to 2026.5.0 is affected by a privilege-escalation vulnerability in the bulk user-remove endpoint. The issue arises from a missing role hierarchy check, allowing authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by supplying...

CVSS 7.1 | AI score 5.9 | EPSS 0.00354
Exploits 1 | References 5 | Affected Software 1

Nuclei
added 2026/06/16 7:13 a.m. | 218 views

Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. id: CVE-2023-35078 info...

CVSS 10 | AI score 8.8 | EPSS 0.99999
Exploits 14 | References 5

NVD
added 2026/06/15 8:16 a.m. | 12 views

CVE-2026-8935

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

CVSS 9.8 | EPSS 0.00268
Exploits 0 | References 1

Cvelist
added 2026/06/15 6:0 a.m. | 36 views

CVE-2026-8935 Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

EPSS 0.00268
Exploits 0 | References 1

EUVD
added 2026/06/15 6:0 a.m. | 9 views

EUVD-2026-36699

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

CVSS 9.8 | AI score 5.2 | EPSS 0.00268
Exploits 0 | References 1

EUVD
added 2026/06/12 8:8 p.m. | 18 views

EUVD-2026-35391

TYPO3 CMS has Broken Access Control in its Form Framework...

CVSS 7.6 | AI score 5.2 | EPSS 0.00238
Exploits 0 | References 6

EUVD
added 2026/06/12 7:32 p.m. | 14 views

EUVD-2026-35393

TYPO3 CMS has Broken Access Control in its Form Framework...

CVSS 7.6 | AI score 5.2 | EPSS 0.00253
Exploits 0 | References 6

NCSC
added 2026/06/11 11:11 a.m. | 17 views

Vulnerabilities found in Ivanti Sentry

Ivanti has identified two vulnerabilities in Sentry. The first vulnerability is rated by Ivanti with a CVSS score of 10. An unauthorized malicious actor can execute arbitrary code with root privileges through this vulnerability. The second vulnerability is rated with a CVSS score of 9.9. This...

CVSS 10 | AI score 6 | EPSS 0.99041
Exploits 6 | References 1

RedhatCVE
added 2026/06/11 8:59 a.m. | 11 views

CVE-2025-66273

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6 | AI score 6 | EPSS 0.01049
Exploits 0 | References 1

EUVD
added 2026/06/10 3:8 a.m. | 14 views

EUVD-2026-35975

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...

CVSS 5.1 | AI score 5.5 | EPSS 0.00331
Exploits 0 | References 1

EUVD
added 2026/06/10 3:5 a.m. | 10 views

EUVD-2025-210100

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6 | AI score 6 | EPSS 0.01049
Exploits 0 | References 1