Lucene search
K

328 matches found

OSV
OSV
added 2026/04/16 11:36 p.m.6 views

BIT-AUTHENTIK-2023-46249 authentik potential installation takeover when default admin user is deleted

authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...

9.8CVSS5.5AI score0.00654EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.6 views

SUSE CVE-2026-32760

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...

10CVSS5.8AI score0.00677EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.3 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 8:16 a.m.4 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/03/20 6:16 a.m.30 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS0.00672EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/20 5:25 a.m.8 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.5AI score0.00672EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 5:25 a.m.23 views

CVE-2026-33037

The CVE concerns WWBN AVideo. In versions ≤25.0, the official Docker deployment files ship with the admin password set to “password,” which is used to seed the admin account during installation unless SYSTEM_ADMIN_PASSWORD is overridden. This creates immediate administrative takeover risk, with f...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/20 5:25 a.m.3 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/20 2:41 a.m.5 views

Incorrect Privilege Assignment

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler function. An attacker can gain full administrative privileges by registering a new account when self-registration is...

10CVSS5.9AI score0.00677EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/16 2:56 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the plugin installation process on CI test instances with default admin credentials. An attacker can execute arbitrary code and access sensitive configuration data by uploading a malicious plugin after changin...

6.6CVSS6.2AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 2:56 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the plugin installation process on CI test instances with default admin credentials. An attacker can execute arbitrary code and access sensitive configuration data by uploading a malicious plugin after changin...

6.6CVSS6.2AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:19 p.m.8 views

CVE-2026-2462

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 12:0 p.m.4 views

CVE-2026-2462 Admin RCE via Malicious Plugin Upload on CI Test Instances

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS7.3AI score0.00328EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

6.6CVSS6.2AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.15 views

PT-2026-25700

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS6.4AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 6:31 a.m.6 views

EUVD-2023-31322

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

9CVSS5.7AI score0.00493EPSS
Exploits1References4
NVD
NVD
added 2026/03/11 6:17 a.m.5 views

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

9.8CVSS0.00493EPSS
Exploits1References3
OSV
OSV
added 2026/03/11 12:0 a.m.5 views

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

9CVSS5.7AI score0.00493EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/11 12:0 a.m.3 views

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

9CVSS5.7AI score0.00493EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/04 1:44 p.m.4 views

CVE-2026-22886

OpenMQ exposes a TCP-based management service imqbrokerd that by default requires authentication. However, the product ships with a default administrative account admin/ admin and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...

9.8CVSS6AI score0.00402EPSS
Exploits0References1
Rows per page
Query Builder