Lucene search
+L

110 matches found

CVE
CVE
added 2026/05/08 9:59 p.m.21 views

CVE-2026-44987

SysReptor (fully customizable pentest reporting platform) has a privilege-escalation issue in versions before 2026.29: users with User Admin permissions can change the emails of users with Superuser permissions. If the installed forgot-password feature is enabled (non-default), these users can re...

3.8CVSS5.7AI score0.00162EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 9:59 p.m.8 views

CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS5.7AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 9:59 p.m.10 views

EUVD-2026-28870

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS5.7AI score0.00162EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 9:59 p.m.51 views

CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.19 views

PT-2026-39211

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

3.8CVSS5.8AI score0.00162EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/05 12:0 a.m.5 views

rConfig RCE (CVE-2020-10221)

The version of rConfig installed on the remote host is affected by a remote code executionvulnerability, as follows: - The flaw exists due to insufficient input validation in the userAdmin.inc.php component, which allows an unauthenticated attacker to upload arbitrary files to the server. By...

9CVSS8.5AI score0.36754EPSS
Exploits5References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-2434

Malware in sbrugna...

8.8CVSS8.8AI score0.01177EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-4375

Malware in sbrugna...

4.6CVSS6.4AI score0.00348EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-31652

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00495EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-19722

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00519EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2024-26032

Malicious code in bioql PyPI...

4.7CVSS5.2AI score0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-53902

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00614EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-42182

Malicious code in bioql PyPI...

8.8CVSS9.2AI score0.02256EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5793

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01604EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-3057

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00272EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-3878

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00569EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/29 9:29 p.m.12 views

CVE-2025-54875 FreshRSS: Unauthorized creation of admin user when registration is enabled

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...

9.8CVSS0.00495EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.6 views

pybbs 安全漏洞

pybbs is a community platform for Java development by iuiu individual developers. A security vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from a weak password requirement in the function update in the file...

6.3CVSS4.9AI score0.00432EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 11:57 a.m.6 views

CVE-2025-0057

SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...

4.8CVSS5.7AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2025/04/22 6:16 p.m.11 views

CVE-2025-43947

Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...

7.3CVSS0.00299EPSS
Exploits1References2
Rows per page
Query Builder