17 matches found

Cvelist
added 2026/06/25 9:41 p.m. | 19 views

CVE-2025-71327 Flowise - Authentication Bypass via Unprotected Registration Endpoint

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

CVSS: 9.3 | EPSS: 0.0046
Exploits: 1 | References: 2

Cvelist
added 2026/05/29 2:46 p.m. | 33 views

CVE-2018-25397 PHP-SHOP 1.0 Cross-Site Request Forgery via users.php

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

CVSS: 6.9 | EPSS: 0.00162
Exploits: 0 | References: 3

EUVD
added 2026/05/16 3:28 p.m. | 9 views

EUVD-2020-31233

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00146
Exploits: 0 | References: 4

CVE
added 2026/03/17 7:29 a.m. | 13 views

CVE-2026-4312

Affected product: DrangSoft GCB/FCB Audit Software. Vulnerability: Missing Authentication, enabling unauthenticated remote attackers to directly access APIs and create a new administrative account. Impact/risks: High impact on confidentiality, integrity, and availability as per CVSS metrics (CRIT...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.0045
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/03/06 3:31 p.m. | 4 views

EUVD-2018-21652

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

CVSS: 6.9 | AI score: 5.7 | EPSS: 0.00155
Exploits: 1 | References: 3

Cvelist
added 2026/03/06 9:11 a.m. | 50 views

CVE-2026-3589 WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example...

EPSS: 0.00126
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/18 12:0 a.m. | 3 views

CVE-2025-70062

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) ...

AI score: 5.9 | EPSS: 0.00173
Exploits: 1 | References: 2

Tenable Nessus
added 2026/02/18 12:0 a.m. | 10 views

WordPress Plugin 'LA Studio Element Kit for Elementor' < 1.6.0 Unauthenticated Privilege Escalation via Backdoor

The WordPress application running on the remote host has a version of the 'LA Studio Element Kit for Elementor' plugin that is prior to 1.6.0. It is, therefore, affected by an unauthenticated privilege escalation vulnerability. The plugin contains a backdoor that allows unauthenticated attackers ...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.01078
Exploits: 5 | References: 3

NVD
added 2026/02/03 10:16 p.m. | 5 views

CVE-2020-37091

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

CVSS: 5.3 | EPSS: 0.0015
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-4837

Malware in sbrugna...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.0079
Exploits: 0 | References: 2

Cvelist
added 2023/06/27 12:0 a.m. | 17 views

CVE-2020-18418

A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert...

AI score: 8.8 | EPSS: 0.00384
Exploits: 1 | References: 2

OSV
added 2022/10/17 4:15 p.m. | 3 views

CVE-2022-23771

This vulnerability occurs in user accounts creation and deletion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrar...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00275
Exploits: 0 | References: 1

OSV
added 2018/10/17 10:29 p.m. | 3 views

CVE-2018-0417

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.03163
Exploits: 0 | References: 3

NVD
added 2011/08/15 7:55 p.m. | 20 views

CVE-2011-0551

Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts...

CVSS: 6.8 | AI score: 7 | EPSS: 0.00642
Exploits: 0 | References: 5

NVD
added 2010/06/15 2:30 p.m. | 12 views

CVE-2010-2268

Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.00606
Exploits: 1 | References: 2

Cvelist
added 2010/06/14 7:0 p.m. | 20 views

CVE-2010-2268

Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts...

AI score: 7.1 | EPSS: 0.00606
Exploits: 1 | References: 2

Cvelist
added 2006/04/11 11:0 p.m. | 34 views

CVE-2006-0015

Cross-site scripting (XSS) vulnerability in vtibin/vtiadm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the 1...

AI score: 5.9 | EPSS: 0.24408
Exploits: 1 | References: 11