Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-4726

Malware in sbrugna...

6.8CVSS6.1AI score0.02199EPSS
Exploits5References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-5679

Malware in sbrugna...

7.5CVSS6.4AI score0.02643EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2025/05/01 10:39 p.m.299 views

Exploit for SQL Injection in Valvepress Automatic

WP Automatic Plugin SQL Injection Exploit CVE-2024-27956 !...

9.9CVSS9.1AI score0.93971EPSS
Exploits16
RedhatCVE
RedhatCVE
added 2025/02/07 9:47 a.m.7 views

CVE-2025-0364

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the...

9.8CVSS8.5AI score0.01898EPSS
Exploits2References1
EUVD
EUVD
added 2025/02/04 5:51 p.m.7 views

EUVD-2025-1627

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the...

9.8CVSS10AI score0.01898EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/06/12 11:5 a.m.17 views

CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

9.8CVSS6.7AI score0.04156EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/12 11:5 a.m.174 views

CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

9.8CVSS0.04156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/25 5:15 p.m.5 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4CVSS6.1AI score0.0053EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2022/08/17 12:0 a.m.5 views

The vulnerability of the monitoring tool for VMware vRealize Operations, related to authentication errors, allows a perpetrator to create a user with administrative privileges.

The vulnerability of the monitoring tool for VMware vRealize Operations is related to authentication errors. Exploiting this vulnerability could allow a malicious actor to create a user with administrative privileges...

5.6CVSS7.5AI score0.00718EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/06/22 1:15 p.m.22 views

Cross site request forgery (csrf)

WebFOCUS Business Intelligence 8.0 SP6 allows a Cross-Site Request Forgery CSRF attack against administrative users within the /ibiapps/WFServlet.ibfs endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044...

6.8CVSS8.9AI score0.03842EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/09/13 12:0 a.m.3 views

Honeywell NVR Device Privilege Acquisition Vulnerability

Honeywell NVR devices is a network video recorder device from Honeywell USA. A security vulnerability exists in Honeywell NVR devices. A remote attacker can exploit the vulnerability to create a user account in an administrative group and log into the account to take control of the device...

9.3CVSS8.2AI score0.03737EPSS
Exploits0References1
NVD
NVD
added 2013/08/19 1:7 p.m.23 views

CVE-2013-4881

Cross-site request forgery CSRF vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php...

6.8CVSS7AI score0.02199EPSS
Exploits5References5
Rows per page
Query Builder