
30 matches found

NVD
added 2026/04/23 4:16 p.m., 2 views

CVE-2026-40471

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abus...

CVSS 9.6, EPSS 0.0002
Exploits 0, References 1
Cvelist
added 2026/04/23 2:56 p.m., 28 views

CVE-2026-40471 Hackage CSRF vulnerability

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abus...

CVSS 9.6, EPSS 0.0002
Exploits 0, References 1
NVD
added 2026/04/13 7:16 p.m., 1 views

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

CVSS 5.3, EPSS 0.00018
Exploits 1, References 2
CVE
added 2026/04/13 6:10 p.m., 5 views

CVE-2026-40041

CVE-2026-40041 affects Pachno 1.0.6 and describes a cross-site request forgery (CSRF) vulnerability arising from missing CSRF protections on state-changing endpoints. Attackers can craft requests that execute actions in an authenticated user context via attacker-controlled sites, targeting login,...

CVSS 5.3, AI score 5.8, EPSS 0.00018
Exploits 1, References 2
Positive Technologies
added 2026/04/13 12:0 a.m., 1 views

PT-2026-32495

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

CVSS 5.3, AI score 5.8, EPSS 0.00018
Exploits 1, References 5
OSV
added 2025/11/19 8:15 p.m., 3 views

CVE-2025-63214

An issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10, 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts...

CVSS 6.5, AI score 5.9, EPSS 0.00075
Exploits 1, References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-32837

Malicious code in bioql PyPI...

CVSS 8.1, AI score 8.2, EPSS 0.00223
Exploits 1, References 2
Cvelist
added 2025/08/29 3:32 a.m., 5 views

CVE-2025-9610 code-projects Online Event Judging System create_account.php sql injection

A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /createaccount.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicl...

CVSS 7.5, EPSS 0.00069
Exploits 1, References 5
Snyk
added 2025/06/09 5:45 p.m., 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication in the registration feature. An attacker with a registered user account can create user accounts that can access private data even when registration is disabled...

CVSS 9.8, AI score 5.9, EPSS 0.00229
Exploits 0, References 2
CVE
added 2025/02/01 3:21 a.m., 42 views

CVE-2024-12171

CVE-2024-12171 affects the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. The vulnerability is a privilege-escalation flaw caused by a missing capability check on the eh_crm_agent_add_user AJAX action, affecting all versions up to and including 3.2.6. This allows authen...

CVSS 8.8, AI score 8.6, EPSS 0.00197
Exploits 0, References 3, Affected Software 1
CVE
added 2024/09/30 7:45 a.m., 47 views

CVE-2024-8458

The CVE-2024-8458 entry concerns PLANET Technology switch models whose web interface is vulnerable to Cross-Site Request Forgery (CSRF). Affected component: the web application on certain PLANET switch devices. Root cause: CSRF in the web front end allows an unauthenticated remote attacker to tri...

CVSS 8.8, AI score 8.8, EPSS 0.01514
Exploits 0, References 2, Affected Software 1
RedHat Linux
added 2023/11/07 8:59 a.m., 1 views

grafana: email addresses and usernames cannot be trusted

An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality a...

CVSS 8.1, AI score 7.4, EPSS 0.00415
Exploits 0, References 5
SUSE CVE
added 2023/02/15 3:23 a.m., 2 views

SUSE CVE-2022-39306

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...

CVSS 6.4, AI score 8.8, EPSS 0.00415
Exploits 0, References 9
RedHat Linux
added 2021/12/20 4:20 p.m., 2 views

Keycloak: Incorrect authorization allows unprivileged users to create other users

A flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...

CVSS 8.8, AI score 5.7, EPSS 0.00428
Exploits 0, References 6
CNVD
added 2020/10/16 12:0 a.m., 3 views

Microsoft Windows Media Base Memory Corruption Vulnerability

Microsoft Windows is a desktop operating system from Microsoft. A security vulnerability exists in Microsoft Windows Media Base. An attacker could exploit the vulnerability to install programs; view, change, or delete data; or create new accounts with full user rights...

CVSS 8.8, AI score 6.7, EPSS 0.14416
Exploits 0, References 1
CNVD
added 2020/09/11 12:0 a.m., 0 views

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2020-54910)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows, which can be exploite...

CVSS 7.8, AI score 7.5, EPSS 0.01539
Exploits 0, References 1
OSV
added 2020/08/17 7:15 p.m., 1 views

CVE-2020-1571

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...

CVSS 7.3, AI score 7.5, EPSS 0.00608
Exploits 0, References 1
OSV
added 2020/08/17 7:15 p.m., 1 views

CVE-2020-1554

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...

CVSS 7.8, AI score 7.1, EPSS 0.15675
Exploits 0, References 1
CNVD
added 2020/07/17 12:0 a.m., 0 views

Microsoft Windows Diagnostics Hub Elevation of Privilege Vulnerability

Windows Server is the brand name of a series of server operating systems released by Microsoft, which includes all Windows operating systems released under the brand name "Windows Server". An elevation of privilege vulnerability exists in Microsoft Windows Diagnostics Hub, which arises from a...

CVSS 7.8, AI score 7.6, EPSS 0.00522
Exploits 0, References 1
OSV
added 2019/08/14 9:15 p.m., 0 views

CVE-2019-1162

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...

CVSS 7.8, AI score 6, EPSS 0.00319
Exploits 0, References 1