39 matches found
CVE-2026-29198
In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...
PT-2026-34579
In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...
PT-2026-41203
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description LDAP and OAuth authentication flows use a Time-of-Check-Time-of-Use TOCTOU pattern—a race condition where a system checks a condition and then uses the result of that check, but the condition...
EUVD-2026-11210
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...
CVE-2026-1471
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...
PT-2026-24726
Name of the Vulnerable Software and Affected Versions Neo4j Enterprise edition versions prior to 2026.01.4 Description Excessive caching of authentication context in Neo4j Enterprise edition allows authenticated users to inherit the context of the first user who authenticated after a restart. Thi...
CVE-2024-9104
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimateaichangepass' function. This makes it possible for unauthenticated...
CVE-2024-7767
An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss of data integrity, and...
Danswer 安全漏洞
Danswer is Danswer AI open source an artificial intelligence assistant that connects to company documents, applications and people. A security vulnerability exists in Danswer version v0.3.94, which stems from improper access control and allows the first user to view, modify, and delete...
PT-2024-39432 · WordPress · Ultimateai
Name of the Vulnerable Software and Affected Versions: UltimateAI plugin for WordPress versions up to, and including, 2.8.3 Description: The issue is due to the improper empty value check and a missing default activated value check in the ultimate ai change pass function. This allows...
PT-2024-39867 · WordPress · Pedalo Connector
Name of the Vulnerable Software and Affected Versions: The Pedalo Connector plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is due to insufficient restriction on the login admin user function, making it possible for unauthenticated attackers to log in as the first...
USN-6106-1 calamares-settings-ubuntu vulnerability
It was discovered that calamares-settings-ubuntu allowed creating the first user with a blank password, contrary to expectations...
PT-2023-36311 · Unknown · Calamares-Settings-Ubuntu
Name of the Vulnerable Software and Affected Versions: calamares-settings-ubuntu affected versions not specified Description: It was discovered that calamares-settings-ubuntu allowed creating the first user with a blank password, contrary to expectations. Recommendations: At the moment, there is ...
SUSE CVE-2013-4480
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...
Upgraded Q -> M from #113 [1674422768939]
Judge has assessed an item in Issue 113 as M risk. The relevant finding follows: During handling the open fees, the tigAsset is distributed to gov. But, it is not approved before to be consumed by gov. So, the first user's transaction to initiate a market order, will fail. During handling the clo...
Information Disclosure
loopback is vulnerable to information disclosure. Invalid API requests to the login endpoint may return information about the first user in the database...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41494)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 5.8.0, which stems from the fact that the first user created is sometimes the system administrator. An attacker could exploit...
PT-2013-5035 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite versions 5.6 and earlier Description: The issue allows remote attackers to create administrator accounts due to the web interface not being disabled. Recommendations: For Red Hat Satellite versions 5.6 and earlier, disable t...
DEBIAN-CVE-2009-2762
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key array variable in a resetpass aka rp action, which bypasses a check that assumes that $key is not an array...