14 matches found
CVE-2026-4312
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...
CVE-2025-15026 Unauthenticated configuration import allows administrative account creation using AWIE component
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...
EUVD-2015-4327
Malware in sbrugna...
EUVD-2009-3920
Malware in sbrugna...
CVE-2025-57760 Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...
CVE-2025-8059 B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfrregistration function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and...
CVE-2012-2447
Cross-site request forgery CSRF vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action...
CVE-2025-3102
CVE-2025-3102 — SureTriggers WordPress plugin (≤ 1.0.78) vulnerable to authentication bypass that allows unauthenticated creation of administrator accounts via the plugin’s REST API when the API key is not configured. Evidence across sources shows a missing empty value check on the secret_key in ...
SonicWall Email Security pre-authentication administrative account creation vulnerability
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. CVE: CVE-2021-20021 Last updated: April 9, 2021, 5:12 p.m...
X2Engine 4.2 - Cross-Site Request Forgery
X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...
TorrentFlux 2.3 - admin.php Administrator Account Creation CSRF
No description provided by source. source: http://www.securityfocus.com/bid/28846/info TorrentFlux is prone to a cross-site request-forgery vulnerability and a remote PHP code-execution vulnerability. Exploiting these issues may allow a remote attacker to create administrative accounts in the...
CVE-2013-6129
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameters, as exploited in the wild in October 2013...
P-News 1.16 - Administrative Account Creation
P-News 1.16 - Administrative Account Creation source: https://www.securityfocus.com/bid/7689/info A vulnerability has been reported that could enable a P-News member to create and access an administrative account. This is due to insufficient validation of data supplied to account editing input...
P-News 1.16 - Administrative Account Creation
source: https://www.securityfocus.com/bid/7689/info A vulnerability has been reported that could enable a P-News member to create and access an administrative account. This is due to insufficient validation of data supplied to account editing input fields of P-News. This issue was reported in...