Lucene search
+L

14 matches found

NVD
NVD
added 2026/03/17 8:15 a.m.5 views

CVE-2026-4312

GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...

9.8CVSS0.0045EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/05 2:31 p.m.28 views

CVE-2025-15026 Unauthenticated configuration import allows administrative account creation using AWIE component

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...

9.8CVSS0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-4327

Malware in sbrugna...

9CVSS6.4AI score0.02644EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-3920

Malware in sbrugna...

7.5CVSS6.4AI score0.02199EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/25 4:22 p.m.12 views

CVE-2025-57760 Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...

8.8CVSS0.00433EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/12 4:25 a.m.7 views

CVE-2025-8059 B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfrregistration function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and...

9.8CVSS0.00478EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 3:5 a.m.8 views

CVE-2012-2447

Cross-site request forgery CSRF vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action...

6.8CVSS7.3AI score0.00675EPSS
Exploits6References1
CVE
CVE
added 2025/04/10 4:22 a.m.310 views

CVE-2025-3102

CVE-2025-3102 — SureTriggers WordPress plugin (≤ 1.0.78) vulnerable to authentication bypass that allows unauthenticated creation of administrator accounts via the plugin’s REST API when the API key is not configured. Evidence across sources shows a missing empty value check on the secret_key in ...

8.1CVSS8.2AI score0.7568EPSS
In wildExploits8References3
SonicWall
SonicWall
added 2021/04/09 5:12 p.m.18 views

SonicWall Email Security pre-authentication administrative account creation vulnerability

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. CVE: CVE-2021-20021 Last updated: April 9, 2021, 5:12 p.m...

9.4CVSS6.7AI score0.83425EPSS
Exploits0
exploitpack
exploitpack
added 2015/09/25 12:0 a.m.87 views

X2Engine 4.2 - Cross-Site Request Forgery

X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...

6.8CVSS0.9AI score0.02756EPSS
Exploits4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

TorrentFlux 2.3 - admin.php Administrator Account Creation CSRF

No description provided by source. source: http://www.securityfocus.com/bid/28846/info TorrentFlux is prone to a cross-site request-forgery vulnerability and a remote PHP code-execution vulnerability. Exploiting these issues may allow a remote attacker to create administrative accounts in the...

7.1AI score
Exploits0
NVD
NVD
added 2013/10/19 10:36 a.m.21 views

CVE-2013-6129

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameters, as exploited in the wild in October 2013...

7.5CVSS6.6AI score0.51887EPSS
Exploits7References2
exploitpack
exploitpack
added 2003/05/24 12:0 a.m.26 views

P-News 1.16 - Administrative Account Creation

P-News 1.16 - Administrative Account Creation source: https://www.securityfocus.com/bid/7689/info A vulnerability has been reported that could enable a P-News member to create and access an administrative account. This is due to insufficient validation of data supplied to account editing input...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/24 12:0 a.m.27 views

P-News 1.16 - Administrative Account Creation

source: https://www.securityfocus.com/bid/7689/info A vulnerability has been reported that could enable a P-News member to create and access an administrative account. This is due to insufficient validation of data supplied to account editing input fields of P-News. This issue was reported in...

7.4AI score
Exploits0
Rows per page
Query Builder