Lucene search

35 matches found

EUVD
added 2026/06/26 1:11 a.m. · 9 views

EUVD-2026-39600

A bypass to the admin-only restriction of the XML-RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

CVSS 4.3 · AI score 5.8 · EPSS 0.00173
Exploits 0 · References 1
Positive Technologies
added 2026/06/26 12:00 a.m. · 12 views

PT-2026-52651

Name of the Vulnerable Software and Affected Versions Revive Adserver version 6.0.7 Description An authentication bypass exists in the XML-RPC API. The ox.login method returns a session ID cookie in the HTTP headers even when the method returns an error. Because the associated session is not...

CVSS 4.3 · AI score 5.8 · EPSS 0.00173
Exploits 0 · References 7
ATTACKERKB
added 2026/06/04 12:00 a.m. · 5 views

CVE-2025-67446

Improper Authentication / Authentication Bypass exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value, e.g., setting it to "admin", an attacker can bypass the authentication schema and gain...

CVSS 9.8 · AI score 5.8 · EPSS 0.00454
Exploits 0 · References 3
Positive Technologies
added 2026/03/12 12:00 a.m. · 5 views

PT-2026-24980

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

CVSS 8.8 · AI score 5.8 · EPSS 0.00432
Exploits 1 · References 3
Japan Vulnerability Notes
added 2026/03/05 3:36 a.m. · 9 views

EC-CUBE vulnerable to multi-factor authentication bypass

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-30777 EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...

CVSS 6.9 · AI score 5.8 · EPSS 0.00339
Exploits 0 · References 5
CVE
added 2026/02/24 12:00 a.m. · 10 views

CVE-2025-63409

CVE-2025-63409 affects GCOM EPON 1GE C00R371V00B01. The vulnerability is described as privilege escalation and improper access control, allowing remote authenticated users to modify administrator-only settings and extract administrator credentials. The CVSS 3.1 base score is 8.8 (HIGH) with net...

CVSS 8.8 · AI score 5.4 · EPSS 0.00293
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2025/08/21 7:27 p.m. · 6 views

CVE-2025-55734

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...

CVSS 6.9 · AI score 7.2 · EPSS 0.00341
Exploits 1 · References 1
Vulnrichment
added 2025/08/21 12:00 a.m. · 4 views

CVE-2025-52352

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...

AI score 7.4 · EPSS 0.00538
Exploits 0 · References 2
RedhatCVE
added 2025/08/17 3:28 a.m. · 17 views

CVE-2025-8342

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwpajaxregister function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to...

CVSS 8.1 · AI score 7.7 · EPSS 0.00598
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:19 a.m. · 9 views

CVE-2022-46071

There is an SQL Injection vulnerability in the Helmet Store Showroom v1.0 login page. This vulnerability can be exploited to bypass admin access...

CVSS 9.8 · AI score 8.1 · EPSS 0.0431
Exploits 1 · References 1
Positive Technologies
added 2024/01/18 12:00 a.m. · 5 views

PT-2024-12905 · IBM · IBM OpenPages with Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue is caused by insufficient authorization checks, allowing a remote attacker to bypass security restrictions. By authenticating as an OpenPages user and using non-public...

CVSS 8.8 · AI score 7.3 · EPSS 0.00701
Exploits 0 · References 8
NVD
added 2022/12/14 6:15 p.m. · 12 views

CVE-2022-46071

There is an SQL Injection vulnerability in the Helmet Store Showroom v1.0 login page. This vulnerability can be exploited to bypass admin access...

CVSS 9.8 · EPSS 0.0431
Exploits 1 · References 2
Vulnrichment
added 2022/12/14 12:00 a.m. · 9 views

CVE-2022-46071

There is an SQL Injection vulnerability in the Helmet Store Showroom v1.0 login page. This vulnerability can be exploited to bypass admin access...

AI score 8.4 · EPSS 0.0431
Exploits 1 · References 2
OSV
added 2022/08/25 11:15 p.m. · 3 views

CVE-2022-36117

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...

CVSS 3.1 · AI score 5.8 · EPSS 0.00562
Exploits 0 · References 3
BDU FSTEC
added 2021/10/22 12:00 a.m. · 45 views

The vulnerability of the software-hardware complex for protecting information from unauthorized access, "Akord-V", is related to the violation of established role assignments. This allows an intruder to bypass the access restrictions for resources of the ABI/AVI system for the system administrators and execute arbitrary code on behalf of the system.

The vulnerability of the software-hardware complex for protecting information from unauthorized access, “Akord-V,” is related to the violation of established role assignments. Exploiting this vulnerability allows an intruder to bypass the access restrictions for ARMs of types ABI/AVI for ARM...

CVSS 7.4 · AI score 6
Exploits 0 · Affected Software 1
OSV
added 2020/01/05 11:15 p.m. · 4 views

CVE-2019-20004

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router...

CVSS 8.8 · AI score 7.3 · EPSS 0.01169
Exploits 0 · References 2
CNVD
added 2018/04/13 12:00 a.m. · 3 views

CMS Made Simple Elevation of Privilege Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMSMS 2.2.6 and...

CVSS 8.8 · AI score 6.9 · EPSS 0.00766
Exploits 1 · References 1
exploitpack
added 2016/11/03 12:00 a.m. · 23 views

sNews 1.7.1 - Arbitrary File Upload

sNews 1.7.1 - Arbitrary File Upload Exploit Title : Snews CMS upload sheller Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 04/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link :...

AI score 0.3
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m. · 17 views

Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution

No description provided by source...

AI score 7.1
Exploits 0
exploitpack
added 2010/11/18 12:00 a.m. · 23 views

chCounter 3.1.3 - SQL Injection

chCounter 3.1.3 - SQL Injection !/usr/bin/python Exploit Title: chCounter = 3.1.3 SQLInjection Date: 2010/11/18 Author: Matias [email protected]. Software Link: http://chcounter.org/chCounter3/getfile.php?id=5 Version: 3.1.3 Tested on: Ubuntu Server 10.04 with apache...

AI score 0.3
Exploits 0