Lucene search
K

518 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-19274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Passing an absolute path to a fileexists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization whe...

7.2CVSS7.3AI score0.05201EPSS
Exploits1References2
OSV
OSV
added 2025/08/20 4:16 a.m.4 views

CVE-2025-57789

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

5.4CVSS5.8AI score0.01104EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 3:22 a.m.26 views

CVE-2025-57789

CVE-2025-57789 – Commvault initial administrator login vulnerability . The issue occurs in the setup window between installation and the first administrator login, where remote attackers may exploit the default credentials to gain admin control. Affected versions include Commvault 11.32.x before ...

5.4CVSS6.6AI score0.01104EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.8 views

PT-2025-33722 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A cross-site scripting issue exists due to manipulation of the alias argument within the scheduled events.shtm file. The attack can be executed remotely. The vendor states that exploitation likely requir...

5.1CVSS3.7AI score0.00268EPSS
Exploits1References12
CVE
CVE
added 2025/08/13 8:54 p.m.23 views

CVE-2011-10013

CVE-2011-10013 affects Traq versions 2.0–2.3. The vulnerability resides in admincp/common.php where flawed authorization allows unauthenticated access to admin-only functionality via plugins.php, enabling remote code execution. Documented exploit references exist (e.g., Exploit-DB entries; Metasp...

10CVSS8.6AI score0.01489EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/13 8:54 p.m.12 views

CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

10CVSS0.01489EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/08/13 8:54 p.m.5 views

CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

10CVSS8.6AI score0.01489EPSS
Exploits0References6
OSV
OSV
added 2025/08/01 5:15 a.m.3 views

CVE-2025-8435

A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched...

6.9CVSS5.5AI score0.00375EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.4 views

Code-Projects Online Movie Streaming 安全漏洞

Code-Projects Online Movie Streaming is an online movie streaming software from Code-Projects open source. A security vulnerability exists in Code-Projects Online Movie Streaming version 1.0, which stems from a lack of authorization due to incorrect manipulation of the parameter ID in the file...

7.5CVSS7.3AI score0.00375EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.7 views

PT-2025-31605 · Unknown · Code-Projects Online Movie Streaming

Name of the Vulnerable Software and Affected Versions: code-projects Online Movie Streaming version 1.0 Description: A critical issue exists in code-projects Online Movie Streaming 1.0 related to missing authorization. The vulnerability is located in an unknown functionality of the...

7.5CVSS7AI score0.00375EPSS
Exploits1References8
NCSC
NCSC
added 2025/07/18 1:12 p.m.6 views

Vulnerability fixed in Keycloak

Red Hat has fixed a vulnerability in Keycloak. The vulnerability is in the way Keycloak handles privileged users. A privileged user can gain full administrative control over a realm, which can lead to unauthorized changes to user roles and configurations. This is especially risky in environments...

6.5CVSS6.9AI score0.00368EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:46 a.m.12 views

CVE-2024-23335

MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...

4.7CVSS6.6AI score0.00559EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.15 views

CVE-2023-41362

MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP...

7.2CVSS7.2AI score0.01641EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:12 a.m.11 views

CVE-2022-43709

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...

4.9CVSS7.2AI score0.00645EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:57 p.m.6 views

CVE-2022-23904

Rainworx Auctionworx 3.1R2 is vulnerable to a Cross-Site Request Forgery CSRF attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition...

8CVSS7AI score0.00432EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:51 p.m.7 views

CVE-2022-30863

FUDForum 3.1.2 is vulnerable to Cross Site Scripting XSS via pagetitle param in Page Manager in the Admin Control Panel...

4.8CVSS6AI score0.00534EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:50 p.m.12 views

CVE-2022-30860

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...

7.2CVSS7.5AI score0.22985EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.8 views

CVE-2021-24814

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

9.6CVSS6.8AI score0.02085EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:9 p.m.11 views

CVE-2021-21286

AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the...

8.8CVSS6.8AI score0.0077EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:55 p.m.9 views

CVE-2020-25121

The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options...

4.8CVSS5.8AI score0.00669EPSS
Exploits1
Rows per page
Query Builder