Lucene search
K

26 matches found

Nuclei
Nuclei
added 8 hours ago70 views

Vue Vben Admin - Default Credentials

Vue Vben Admin 2.10.1 contains a broken authentication caused by hardcoded credentials in the backend, letting attackers log in without proper authorization, exploit requires access to the login interface. id: CVE-2025-25570 info: name: Vue Vben Admin - Default Credentials author: 0xAkoko severit...

9.8CVSS7.1AI score0.01999EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39598

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:29 p.m.8 views

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/20 10:3 p.m.15 views

CVE-2026-42946

A flaw was found in the ngxhttpscgimodule and ngxhttpuwsgimodule modules of NGINX. When scgipass or uwsgipass is configured, an unauthenticated attacker able to intercept and modify network traffic via a Man-In-The-Middle MITM attack and control the responses from an upstream server may be able t...

8.3CVSS5.8AI score0.00932EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/18 4:21 p.m.9 views

External Control of File Name or Path

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to External Control of File Name or Path through the deleteFileOrFolder and renameFile processes. An attacker can remove or rename critical application files by sending craft...

7CVSS5.8AI score0.00037EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 4:48 p.m.26 views

CVE-2026-22692

CVE-2026-22692 affects October CMS Twig sandbox (CMS_SAFE_MODE). Vulnerable in versions prior to 3.7.13 and 4.0.0–4.1.4; fixed in 3.7.13 and 4.1.5. Root cause: collect()->mapInto() on SafeCollection bypasses SecurityPolicy, allowing authenticated template editors to bypass sandbox. Exploitatio...

6.8CVSS5.8AI score0.00395EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/05 12:2 p.m.4 views

CVE-2026-0589 code-projects Online Product Reservation System Administration Backend improper authentication

A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be us...

7.5CVSS6.2AI score0.00505EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-16582

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00945EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/05/20 7:39 p.m.15 views

The TYPO3 CMS Backend has Broken Authentication in Backend MFA

Problem The multifactor authentication MFA dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful...

7.2CVSS7.4AI score0.00409EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/04 11:9 p.m.9 views

CVE-2024-0795

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

7.2CVSS7AI score0.00945EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.8 views

FunAdmin 安全漏洞

FunAdmin is FunAdmin open source development based on ThinkPHP6 + Layui development of a lightweight high-color backend development system. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in the parentField parameter of the index...

9.8CVSS7.7AI score0.00472EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.8 views

PT-2024-31703 · Contao · Contao

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.49 Description: The issue allows authenticated users in the back end to list files outside the document root in the file selector widget. There are no known workarounds for this issue. Recommendations: Update to...

5.3CVSS7AI score0.00427EPSS
Exploits0References11
NVD
NVD
added 2024/03/02 10:15 p.m.16 views

CVE-2024-0795

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

7.2CVSS7AI score0.00945EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/02 9:16 p.m.23 views

CVE-2024-0795 Create user API role not enforced

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

7.2CVSS7.1AI score0.00945EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/02 9:16 p.m.19 views

CVE-2024-0795 Create user API role not enforced

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

7.2CVSS7.2AI score0.00945EPSS
Exploits1References2
OSV
OSV
added 2024/03/02 9:16 p.m.17 views

CVE-2024-0795 Create user API role not enforced

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

7.2CVSS7.1AI score0.00945EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/02 12:0 a.m.6 views

PT-2024-15827 · Softwarex · Softwarex

The affected software is related to a specific application or system that uses admin or manager roles. If an attacker gains access to an instance with the admin or manager role, they can create a new user with an admin role without any backend authentication to prevent it, allowing them to use th...

7.2CVSS7.7AI score0.00945EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/06/01 12:0 a.m.4 views

MQTT 授权问题漏洞

MQTT Message Queuing Telemetry Transport is an ISO standard ISO/IEC PRF 20922 based on the Publish/Subscribe paradigm of messaging protocols, which works on the TCP/IP family of protocols, and is designed for remote devices with low hardware performance and poor network conditions. It works on th...

9.8CVSS8.4AI score0.00191EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/25 12:0 a.m.5 views

PT-2022-10515 · Unknown · Veryfitpro

Name of the Vulnerable Software and Affected Versions: VeryFitPro version 3.2.8 Description: The issue allows an attacker in possession of a hashed password to take over a user's account. This is because the password is hashed locally on the device and the hash is used for authentication with the...

7.8CVSS7.6AI score0.00356EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2021/11/10 3:15 p.m.3 views

CVE-2021-43561

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

5.4CVSS6AI score0.00493EPSS
Exploits0References2
Rows per page
Query Builder