Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.18 views

CVE-2020-12687

An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...

6.5CVSS6.6AI score0.00968EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/15 6:30 p.m.3 views

EUVD-2025-203398

An unauthenticated Broken Function Level Authorization BFLA vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request...

8.2CVSS6.2AI score0.00256EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/03 9:53 p.m.4 views

CVE-2024-13998 Nagios XI < 2024R1.1.3 API Keys & Hashed Passwords Authenticated Information Disclosure

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...

6CVSS6AI score0.00949EPSS
Exploits0References3
Prion
Prion
added 2024/01/03 4:15 p.m.26 views

Design/Logic Flaw

CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cau...

4CVSS7AI score0.00555EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/03 3:35 p.m.29 views

CVE-2023-46738 Authenticated users can crash the CubeFS servers with maliciously crafted requests

CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cau...

6.5CVSS6.6AI score0.00555EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.2 views

countly-server 授权问题漏洞

countly-server is the server-side component of Countly, a product analytics solution. An authorization issue vulnerability exists in version 22.x prior to countly-server 22.03.7 and version 21.x prior to 21.11.4, which can be exploited by an attacker to reset passwords and take over accounts...

8.1CVSS7.7AI score0.01294EPSS
Exploits0References5
Wired Threat Level
Wired Threat Level
added 2021/08/29 1:0 p.m.27 views

6 Things You Need to Do to Prevent Getting Hacked

You are your own biggest weakness, but changing just a few of your behaviors can reduce the chances that your online accounts get breached...

2.8AI score
Exploits0
ThreatPost
ThreatPost
added 2020/12/21 9:48 p.m.108 views

Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat

Breakups can be traumatic in all sorts of ways. Now we know they can pose a serious cybersecurity threat too. A new survey found that an alarming number of people are still accessing their exes’ accounts without their knowledge — a handful for malicious reasons. The survey conducted during Novemb...

7.4AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/05/05 3:55 p.m.35 views

GoDaddy Hack Breaches Hosting Account Credentials

UPDATE GoDaddy, the world’s largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials. An “unauthorized individual” was able to access users’ login details in an intrusion that the company said took place back in October — the compa...

0.9AI score
Exploits0References9
CNVD
CNVD
added 2020/02/03 12:0 a.m.2 views

WordPress Code Snippets Cross-Site Request Forgery Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Code Snippets. An attacker can exploit the...

8.8CVSS6.7AI score0.11905EPSS
Exploits2References1
CNVD
CNVD
added 2019/09/24 12:0 a.m.1 views

Logic Flaw Vulnerability in RG-SAM Campus Network Self-Service System

Ruijie RG-SAM authentication and billing management system not only supports the high integration of software and hardware to form a highly available solution, but also adds value-added profit and other functions to provide users with a win-win cooperation solution with a flexible mode of...

7AI score
Exploits0
Prion
Prion
added 2019/09/23 11:15 a.m.10 views

Cross site request forgery (csrf)

kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cmsuseradd.php...

6.8CVSS8.7AI score0.00603EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2019/09/05 9:4 a.m.1 views

Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers. Dorsey's Twitter account was compromised last...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/04/13 5:55 p.m.134 views

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal an...

1.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/03/13 8:56 p.m.55 views

Ad Network Sizmek Probes Account Breach

Online advertising firm Sizmek Inc. NASDAQ: SZMK says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an...

7.3AI score
Exploits0
CNVD
CNVD
added 2018/02/28 12:0 a.m.1 views

One Call Doctor APP has arbitrary account password retrieval vulnerability

The One Call Doctor App is an app for the doctor community that focuses on helping people with quick and easy consultations after a consultation. There is an arbitrary account password retrieval vulnerability in One Call Doctor APP. The vulnerability is due to the server did not do accurate...

7AI score
Exploits0
seebug.org
seebug.org
added 2015/11/09 12:0 a.m.207 views

WordPress 利用 XMLRPC 爆破

Author: RickGray 知道创宇404安全实验室 Date: 2015-10-09 xmlrpc 是 WordPress 中进行远程调用的接口,而使用 xmlrpc 调用接口进行账号爆破在很早之前就被提出并加以利用。近日 SUCURI 发布文章介绍了如何利用 xmlrpc 调用接口中的 system.multicall 来提高爆破效率,使得成千上万次的帐号密码组合尝试能在一次请求完成,极大的压缩请求次数,在一定程度上能够躲避日志的检测。 原理分析 WordPress 中关于 xmlrpc 服务的定义代码主要位于 wp-includes/class-IXR.php 和...

7.1AI score
Exploits0
CERT
CERT
added 2002/09/16 12:0 a.m.16 views

x_news allows unauthorized users to access administrative menu

Overview xnews allows a user to authenticate without supplying the user's plaintext password. Description xnews is a system for managing news. When a user logs in to xnews version 1.1 using a plaintext password, xnews hashes the password with MD5 and compares it to user's hash stored in the file...

7.1AI score
Exploits0References2
Rows per page
Query Builder