Lucene search
K

136 matches found

Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-34810

Name of the Vulnerable Software and Affected Versions SenseLive X3050 affected versions not specified Description The embedded management service in the SenseLive config application lacks authentication and authorization. This allows any reachable host to establish full administrative control and...

9.8CVSS5.3AI score0.00546EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/07 12:0 a.m.5 views

CVE-2026-31272

MRCMS 3.1.2 contains an access control vulnerability. The save method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication...

5.9AI score0.00577EPSS
Exploits1References2
OSV
OSV
added 2026/04/03 9:37 p.m.7 views

GHSA-X8HC-FQV3-7GWF Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity

Summary According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...

9.4CVSS6AI score0.00418EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/02 8:44 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing restoreTenant from the adminMutationMWConfig. An attacker can overwrite the entire database, read arbitrary server-side files, and perform server-side request forgery by sending crafted requests to t...

10CVSS5.9AI score0.00452EPSS
Exploits1References2
OSV
OSV
added 2026/04/02 8:44 p.m.2 views

GHSA-P5RH-VMHP-GVCW Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

10CVSS6AI score0.00452EPSS
Exploits1References5
NVD
NVD
added 2026/04/02 8:16 p.m.3 views

CVE-2024-14034

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...

9.8CVSS0.00456EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/27 12:38 a.m.3 views

CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.3CVSS6AI score0.00492EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/17 9:41 p.m.3 views

CVE-2026-32841 Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients

Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any...

9.2CVSS5.8AI score0.00596EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/17 9:31 a.m.5 views

EUVD-2026-12547

GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...

9.8CVSS5.9AI score0.0045EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/06 3:31 p.m.4 views

EUVD-2018-21623

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

5.3CVSS5.7AI score0.00217EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/04 7:37 a.m.11 views

CVE-2026-1492

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a...

9.8CVSS5.9AI score0.25532EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 1:51 p.m.7 views

CVE-2025-15498

Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. This issue was identified in version 1.2.0 of this software. Due to lack of response from...

9.3CVSS5.9AI score0.0047EPSS
Exploits0References3
OSV
OSV
added 2026/02/20 8:43 a.m.10 views

BIT-MILVUS-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability

Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...

9.3CVSS5.7AI score0.0107EPSS
Exploits0References5
OSV
OSV
added 2026/02/15 4:15 p.m.7 views

CVE-2026-26366

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials user:user, admin:admin that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitiv...

9.8CVSS5.8AI score0.00652EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.5 views

CVE-2026-25893

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has...

10CVSS6.2AI score0.00677EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/07 5:16 p.m.182 views

Exploit for CVE-2026-23550

🔥 CVE-2026-23550 Modular DS Scanner Multi-threaded Python scan...

10CVSS5.4AI score0.20631EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.6 views

FreePBX 13.x < 13.0.197.14 / 14.x < 14.0.13.12 / 15.x < 15.0.16.27 Remote Admin Authentication Bypass

The version of FreePBX installed on the remote host is 13.x prior to 13.0.197.14, 14.x prior to 14.0.13.12, or 15.x prior to 15.0.16.27. It is, therefore, affected by an authentication bypass vulnerability: - Sangoma FreePBX has incorrect access control that allows unauthenticated remote attacker...

9.8CVSS8.7AI score0.36615EPSS
Exploits1References2
CVE
CVE
added 2026/02/03 10:1 p.m.12 views

CVE-2020-37091

Maian Support Helpdesk 4.3 is affected by a cross-site request forgery (CSRF) vulnerability that allows attackers to create administrative accounts without authentication. Exploitation involves crafting malicious HTML forms to add admin users and upload PHP files via the FAQ attachment system, en...

5.3CVSS5.2AI score0.0015EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.28 views

CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3CVSS0.0015EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-5841

Name of the Vulnerable Software and Affected Versions Maian Support Helpdesk version 4.3 Description The software contains a cross-site request forgery condition that permits attackers to create administrative accounts without needing to authenticate. Attackers can construct malicious HTML forms ...

5.3CVSS5.2AI score0.0015EPSS
Exploits0References5
Rows per page
Query Builder