Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Veracode
Veracodeadded 2026/03/27 5:48 a.m.3 views

Cross-Site Request Forgery (CSRF)

github.com/1panel-dev/1panel is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections such as anti-CSRF tokens or Origin/Referer validation, which allows an attacker to trick an authenticated user into submitting a malicious request to change the...

7.1CVSS7.1AI score0.00041EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/27 12:0 a.m.5 views

UBUNTU-CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.8AI score0.00042EPSS
Exploits1References3
CVE
CVEadded 2026/01/28 6:51 p.m.8 views

CVE-2025-68659

Summary of CVE-2025-68659 (Discourse) : A DoS at the application level exists in the username-change path. Versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 are affected where sending large JSON payloads to PUT /u//preferences/username can cause server delays and resource exhaustion, degr...

5.3CVSS5.9AI score0.00169EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2025/12/10 4:16 p.m.2 views

CVE-2025-34410

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

7.1CVSS6.7AI score
Exploits0References3
CNNVD
CNNVDadded 2024/10/11 12:0 a.m.2 views

MiroTalk 安全漏洞

MiroTalk is a simple, secure, and fast real-time videoconferencing software from the individual developer Miroslav Pejic. A security vulnerability exists in MiroTalk versions prior to 9de226 that stems from improper access control and allows an attacker to arbitrarily change a username by sending...

7.5CVSS6.6AI score0.00334EPSS
Exploits0References4
CNVD
CNVDadded 2020/11/16 12:0 a.m.1 views

CMSuno Code Injection Vulnerability

CMSUno is an easy and handy tool for creating one-page responsive websites. A code injection vulnerability exists in CMSuno 1.6.2. The vulnerability can be exploited to inject malicious PHP code as a "username" when changing a username and password, which can be used to run commands on the server...

8.8CVSS7.7AI score0.06323EPSS
Exploits3References1
CNVD
CNVDadded 2018/11/02 12:0 a.m.1 views

WUZHI CMS Cross-Site Request Forgery Vulnerability (CNVD-2019-09137)

WUZHI CMS is five fingers WUZHI company based on PHP and MySQL open source content management system CMS. WUZHI CMS 4.1.0 exists cross-site request forgery vulnerability, an attacker can change the super administrator's username via index.php?m=core&f=panel&v=editinf to take advantage of this...

8.8CVSS8.8AI score0.00168EPSS
Exploits1References1
Rows per page
Query Builder