
17 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-17450

Malware in sbrugna...

6.5 CVSS · 6.6 AI score · 0.00402 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-6961

Malicious code in bioql PyPI...

8.3 CVSS · 8.2 AI score · 0.00647 EPSS
Exploits: 1 · References: 3

OSV
added 2025/07/18 8:15 a.m. · 1 views

CVE-2024-27779

An insufficient session expiration vulnerability CWE-613 in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all...

6.7 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/23 1:44 p.m. · 9 views

CVE-2025-3580

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

5.5 CVSS · 5.5 AI score · 0.00378 EPSS
Exploits: 0 · References: 1

Snyk
added 2025/03/20 12:32 p.m. · 4 views

Improper Privilege Management

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Improper Privilege Management through the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. An attacker, acting as an admin, can delete other administrators. This action is restricted by the us...

8.3 CVSS · 8.2 AI score · 0.00647 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2025/03/20 10:11 a.m. · 8 views

CVE-2024-7039 Improper Privilege Management in open-webui/open-webui

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

8.3 CVSS · 8.3 AI score · 0.00647 EPSS
Exploits: 1 · References: 1

CVE
added 2025/03/20 10:11 a.m. · 69 views

CVE-2024-7039

CVE-2024-7039 affects open-webui/open-webui v0.3.8. Affected component: API-based user management. Root cause: improper privilege management allows an admin to delete other administrators via the endpoint http://0.0.0.0:8080/api/v1/users/{uuid_administrator}, despite UI restrictions. Impact: elev...

8.3 CVSS · 6.9 AI score · 0.00647 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/03/20 12:0 a.m. · 6 views

PT-2025-12177 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version v0.3.8 Description: The application exhibits improper privilege management. An attacker with administrator privileges can delete other administrators by directly accessing the API endpoint...

8.3 CVSS · 8.2 AI score · 0.00647 EPSS
Exploits: 1 · References: 8

CNNVD
added 2025/01/13 12:0 a.m. · 3 views

Pat Infinite Solutions HelpdeskAdvanced Security Vulnerability

Pat Infinite Solutions HelpdeskAdvanced is an automated solution for strategic governance of Service Management activities from Pat Infinite Solutions. A security vulnerability exists in Pat Infinite Solutions HelpdeskAdvanced version 11.0.33 and prior versions that stems from improper access...

8.1 CVSS · 6.7 AI score · 0.00316 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/03/25 12:0 a.m. · 4 views

PHP Task Management System Security Vulnerability

SourceCodester Task Management System is a task management system. A security vulnerability exists in PHP Task Management System version 1.0, which stems from the deletion of the administrator user function being vulnerable to SQL injection attacks...

9.8 CVSS · 7.9 AI score · 0.0093 EPSS
Exploits: 2 · References: 2

CNNVD
added 2024/02/04 12:0 a.m. · 5 views

Meinberg Funkuhren Meinberg LANTIME-Firmware Security Vulnerability

Meinberg Funkuhren Meinberg LANTIME-Firmware is a ready-to-use network time protocol server from Meinberg Funkuhren, Germany. A security vulnerability exists in Meinberg LANTIME-Firmware, which stems from a problem found in LTOS-Web-Interface. An administrator can delete required user accounts...

6.5 CVSS · 6.8 AI score · 0.00496 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/07 12:0 a.m. · 4 views

PT-2023-11855 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to and including 2.1.5 Description: The issue allows for authentication bypass due to unrestricted access to the 'register' and 'update user profile' routes, enabling unauthenticated attackers to...

9.8 CVSS · 9.7 AI score · 0.01605 EPSS
Exploits: 1 · References: 5

OSV
added 2023/05/08 2:15 p.m. · 2 views

CVE-2020-22334

Cross Site Request Forgery CSRF vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/adminadmin.php...

6.5 CVSS · 5.8 AI score · 0.00367 EPSS
Exploits: 1 · References: 2

CNNVD
added 2022/05/01 12:0 a.m. · 5 views

Shopizer Security Features Issue Vulnerability

Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A security signature issue vulnerability exists in Shopizer versions 2.0 through 2.17.0, which can be exploited by an attacker to cause a regular administrator to permanently delete a super administrator...

6.5 CVSS · 6.6 AI score · 0.01082 EPSS
Exploits: 1 · References: 4

NVD
added 2020/09/10 2:15 p.m. · 16 views

CVE-2020-24739

A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRFTOKEN and can still request normally, all administrators except the initial administrator will be deleted...

6.5 CVSS · 0.00402 EPSS
Exploits: 1 · References: 1

CVE
added 2020/09/10 1:17 p.m. · 34 views

CVE-2020-24739

CVE-2020-24739 describes a CSRF flaw in iCMS v7.0.0 where, if the CSRF_TOKEN is missing, a background deletion action can delete all administrator accounts except the initial admin. This vulnerability is documented by multiple sources (Red Hat, CNVD, NVD, CVE lists) with the same basic descriptio...

6.5 CVSS · 6.5 AI score · 0.00402 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Check Point Advisories
added 2015/06/07 12:0 a.m. · 0 views

OsCommerce Cross-Site Request Forgery Administrator Deletion

A Cross-Site Request Forgery vulnerability has been reported in OsCommerce Online Merchant platform. Successful exploitation of this vulnerability would allow remote attackers to delete administrator users from the affected system...

4.5 AI score
Exploits: 0