Lucene search
K

39 matches found

Cvelist
Cvelist
added 2026/04/22 11:30 p.m.41 views

CVE-2026-29198

In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...

0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34579

In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...

5.8AI score0.00416EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.11 views

PT-2026-41203

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description LDAP and OAuth authentication flows use a Time-of-Check-Time-of-Use TOCTOU pattern—a race condition where a system checks a condition and then uses the result of that check, but the condition...

8.1CVSS5.8AI score0.00354EPSS
Exploits1References10
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11210

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

2.1CVSS5.8AI score0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:30 p.m.1 views

CVE-2026-1471

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

2.1CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.4 views

PT-2026-24726

Name of the Vulnerable Software and Affected Versions Neo4j Enterprise edition versions prior to 2026.01.4 Description Excessive caching of authentication context in Neo4j Enterprise edition allows authenticated users to inherit the context of the first user who authenticated after a restart. Thi...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.5 views

CVE-2024-9104

The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimateaichangepass' function. This makes it possible for unauthenticated...

5.6CVSS7.4AI score0.00322EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-7767

An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss of data integrity, and...

8.1CVSS6.6AI score0.00555EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

Danswer 安全漏洞

Danswer is Danswer AI open source an artificial intelligence assistant that connects to company documents, applications and people. A security vulnerability exists in Danswer version v0.3.94, which stems from improper access control and allows the first user to view, modify, and delete...

8.1CVSS6.5AI score0.00555EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.5 views

PT-2024-39432 · WordPress · Ultimateai

Name of the Vulnerable Software and Affected Versions: UltimateAI plugin for WordPress versions up to, and including, 2.8.3 Description: The issue is due to the improper empty value check and a missing default activated value check in the ultimate ai change pass function. This allows...

5.6CVSS7.5AI score0.00322EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.9 views

PT-2024-39867 · WordPress · Pedalo Connector

Name of the Vulnerable Software and Affected Versions: The Pedalo Connector plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is due to insufficient restriction on the login admin user function, making it possible for unauthenticated attackers to log in as the first...

9.8CVSS7AI score0.00905EPSS
Exploits0References12
OSV
OSV
added 2023/05/24 2:33 p.m.2 views

USN-6106-1 calamares-settings-ubuntu vulnerability

It was discovered that calamares-settings-ubuntu allowed creating the first user with a blank password, contrary to expectations...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.3 views

PT-2023-36311 · Unknown · Calamares-Settings-Ubuntu

Name of the Vulnerable Software and Affected Versions: calamares-settings-ubuntu affected versions not specified Description: It was discovered that calamares-settings-ubuntu allowed creating the first user with a blank password, contrary to expectations. Recommendations: At the moment, there is ...

6.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.2 views

SUSE CVE-2013-4480

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...

7.5CVSS6.9AI score0.02134EPSS
Exploits0References4
Code423n4
Code423n4
added 2023/01/22 12:0 a.m.12 views

Upgraded Q -> M from #113 [1674422768939]

Judge has assessed an item in Issue 113 as M risk. The relevant finding follows: During handling the open fees, the tigAsset is distributed to gov. But, it is not approved before to be consumed by gov. So, the first user's transaction to initiate a market order, will fail. During handling the clo...

6.8AI score
Exploits0
Veracode
Veracode
added 2020/09/03 3:26 a.m.10 views

Information Disclosure

loopback is vulnerable to information disclosure. Invalid API requests to the login endpoint may return information about the first user in the database...

2AI score
Exploits0
CNVD
CNVD
added 2020/06/22 12:0 a.m.4 views

Unspecified Vulnerability in Mattermost Server (CNVD-2020-41494)

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 5.8.0, which stems from the fact that the first user created is sometimes the system administrator. An attacker could exploit...

7.5CVSS6.7AI score0.00891EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2013/11/15 12:0 a.m.7 views

PT-2013-5035 · Red Hat · Red Hat Satellite

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite versions 5.6 and earlier Description: The issue allows remote attackers to create administrator accounts due to the web interface not being disabled. Recommendations: For Red Hat Satellite versions 5.6 and earlier, disable t...

7.5CVSS6.4AI score0.02134EPSS
Exploits0References6
OSV
OSV
added 2009/08/13 4:30 p.m.1 views

DEBIAN-CVE-2009-2762

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key array variable in a resetpass aka rp action, which bypasses a check that assumes that $key is not an array...

7.5CVSS7.1AI score0.19636EPSS
Exploits1References1
Rows per page
Query Builder