Lucene search
K

153 matches found

Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57576

Name of the Vulnerable Software and Affected Versions Leantime versions prior to 3.8.1 Description Improper authorization occurs within the JSON-RPC Endpoint component when the role argument is manipulated in the editUser or addUser functions. This allows a remote attacker to bypass authorization...

6.5CVSS6.7AI score0.00333EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 5:17 p.m.6 views

CVE-2026-44961

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing...

0.00338EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.20 views

CVE-2026-44961

The CVE-2026-44961 entry affects Revive Adserver’s XML‑RPC addUser API. The flaw is a validation bypass introduced in the fix for CVE-2025‑55129, enabling username-based impersonation or stored XSS unless proper validation is present. The available documents confirm that correct validation has no...

5.8AI score0.00338EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.5 views

EUVD-2026-38504

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing...

5.4CVSS5.9AI score0.00338EPSS
Exploits2References1
CVE
CVE
added 2026/05/14 2:19 p.m.19 views

CVE-2026-41932

CVE-2026-41932 affects Vvveb prior to 1.0.8.3. The Signup::addUser() controller copies raw POST username values into the display_name field before sanitization, so HTML/script submitted in the username during signup is stripped in the username column but stored verbatim in display_name. When disp...

6.1CVSS5.8AI score0.00218EPSS
Exploits0References3
Hacker One
Hacker One
added 2026/04/17 1:4 p.m.19 views

Revive Adserver: Stored XSS via malicious usernames in audit log details + Username validation bypass in XML‑RPC addUser

Vulnerability description not provided...

5.8AI score0.00339EPSS
Exploits1
EUVD
EUVD
added 2026/03/31 9:31 p.m.7 views

EUVD-2026-17663

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

9CVSS7.6AI score0.00715EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:15 p.m.2 views

CVE-2026-5213

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

9CVSS6.3AI score0.00715EPSS
Exploits1References5Affected Software20
EUVD
EUVD
added 2026/03/16 3:30 p.m.7 views

EUVD-2013-7290

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9CVSS5.7AI score0.00232EPSS
Exploits1References4
NVD
NVD
added 2026/03/16 2:17 p.m.8 views

CVE-2013-20005

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9CVSS0.00232EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25714

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9CVSS5.7AI score0.00232EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.23 views

CVE-2013-20006 Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...

8.7CVSS0.00356EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.1 views

CVE-2013-20005

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

5.7AI score0.00232EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.26 views

CVE-2013-20005 Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9CVSS0.00232EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.3 views

CVE-2013-20005 Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9CVSS5.7AI score0.00232EPSS
Exploits1References3
CVE
CVE
added 2026/03/15 6:34 p.m.8 views

CVE-2013-20005

CVE-2013-20005 (Qool CMS 2.0 RC2) is a cross-site request forgery allowing an attacker to forge POST requests to /admin/adduser and create root-level user accounts without user consent. Affected software is Qool CMS 2.0 RC2; the root cause is insufficient CSRF protections on admin actions. The im...

6.9CVSS5.7AI score0.00232EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/06 3:31 p.m.5 views

EUVD-2018-21652

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

6.9CVSS5.7AI score0.00155EPSS
Exploits1References3
NVD
NVD
added 2026/03/06 1:16 p.m.8 views

CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

8.8CVSS0.00155EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 1:16 p.m.4 views

CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

8.8CVSS5.7AI score0.00155EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.2 views

CVE-2018-25200 OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

6.9CVSS5.7AI score0.00155EPSS
Exploits1References2
Rows per page
Query Builder