25 matches found

EUVD
added 2026/03/16 3:30 p.m. | 3 views

EUVD-2013-7290

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9 CVSS | 5.7 AI score | 0.00043 EPSS
Exploits 1 | References 4
CVE
added 2026/03/15 6:34 p.m. | 4 views

CVE-2013-20005

CVE-2013-20005 (Qool CMS 2.0 RC2) is a cross-site request forgery allowing an attacker to forge POST requests to /admin/adduser and create root-level user accounts without user consent. Affected software is Qool CMS 2.0 RC2; the root cause is insufficient CSRF protections on admin actions. The im...

6.9 CVSS | 5.7 AI score | 0.00043 EPSS
Exploits 1 | References 3
Cvelist
added 2026/03/15 6:34 p.m. | 19 views

CVE-2013-20005 Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9 CVSS | 0.00043 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2026/03/15 6:34 p.m. | 0 views

CVE-2013-20005

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

5.7 AI score | 0.00043 EPSS
Exploits 1 | References 3 | Affected Software 1
EUVD
added 2026/03/06 3:31 p.m. | 2 views

EUVD-2018-21652

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

6.9 CVSS | 5.7 AI score | 0.0009 EPSS
Exploits 1 | References 3
NVD
added 2026/03/06 1:16 p.m. | 2 views

CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

8.8 CVSS | 0.0009 EPSS
Exploits 1 | References 2
OSV
added 2026/03/06 1:16 p.m. | 1 views

CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

8.8 CVSS | 5.7 AI score | 0.0009 EPSS
Exploits 1 | References 2
ATTACKERKB
added 2026/03/06 12:19 p.m. | 0 views

CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

6.9 CVSS | 5.7 AI score | 0.0009 EPSS
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2026/03/06 12:19 p.m. | 0 views

CVE-2018-25200 OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

6.9 CVSS | 5.7 AI score | 0.0009 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/11/26 12:42 a.m. | 4 views

CVE-2025-51744

An issue was discovered in jishenghua JSHERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...

9.8 CVSS | 7.1 AI score | 0.00146 EPSS
Exploits 0 | References 1
NVD
added 2025/11/25 9:15 p.m. | 3 views

CVE-2025-51744

An issue was discovered in jishenghua JSHERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...

9.8 CVSS | 0.00146 EPSS
Exploits 0 | References 4
OSV
added 2025/11/25 9:15 p.m. | 2 views

CVE-2025-51744

An issue was discovered in jishenghua JSHERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...

9.8 CVSS | 7 AI score
Exploits 0 | References 4
Positive Technologies
added 2025/11/25 12:00 a.m. | 8 views

PT-2025-48083

An issue was discovered in jishenghua JSH ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...

7.1 AI score | 0.00146 EPSS
Exploits 0 | References 5
CVE
added 2025/11/25 12:00 a.m. | 5 views

CVE-2025-51744

CVE-2025-51744 affects jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is reported to be vulnerable to fastjson deserialization attacks. The CVSS 3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, and high impact on confidentiality, inte...

9.8 CVSS | 6.7 AI score | 0.00146 EPSS
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-24135

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.00109 EPSS
Exploits 1 | References 4
Vulnrichment
added 2025/08/11 9:02 a.m. | 2 views

CVE-2025-8839 jshERP Endpoint addUser improper authorization

A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...

6.5 CVSS | 7.2 AI score | 0.00109 EPSS
Exploits 1 | References 4
NVD
added 2025/03/12 2:15 p.m. | 3 views

CVE-2025-25709

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...

7.5 CVSS | 0.00062 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/03/12 12:00 a.m. | 6 views

CVE-2025-25709

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...

7.5 CVSS | 7.2 AI score | 0.00062 EPSS
Exploits 0 | References 1
Cvelist
added 2025/03/12 12:00 a.m. | 6 views

CVE-2025-25709

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...

7.5 CVSS | 0.00062 EPSS
Exploits 0 | References 1
CVE
added 2025/03/12 12:00 a.m. | 42 views

CVE-2025-25709

Technical details beyond the reported description are not publicly available in the provided connected documents. Monitor for updates from the vendor and CVE databases for affected product/version, impact, and fixes.

7.5 CVSS | 7.7 AI score | 0.00062 EPSS
Exploits 0 | References 1