Lucene search
+L

305 matches found

cve
cve
added 2025/12/10 8:53 p.m.25 views

CVE-2020-36894

CVE-2020-36894 affects Eibiz i-Media Server Digital Signage 3.8.0. The vulnerability is an authentication bypass in which crafted AMF-encoded objects manipulated at /messagebroker/amf allow unauthenticated attackers to create administrator users, bypassing security controls. Multiple connected so...

9.3CVSS6.8AI score0.00723EPSS
Exploits1References4Affected Software1
metasploit
metasploit
added 2025/12/10 6:57 p.m.538 views

WordPress King Addons for Elementor Unauthenticated Privilege Escalation to RCE

This module exploits an unauthenticated privilege escalation vulnerability in the WordPress King Addons for Elementor plugin versions 24.12.92 to 51.1.14. The vulnerability exists in the handleregisterajax function which allows unauthenticated attackers to specify the userrole parameter during...

9.8CVSS6.6AI score0.09142EPSS
Exploits4
euvd
euvd
added 2025/12/09 9:31 p.m.7 views

EUVD-2021-34725

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

6.9CVSS6.3AI score0.0017EPSS
Exploits0References5
cve
cve
added 2025/12/09 8:46 p.m.19 views

CVE-2021-47730

CVE-2021-47730 affects Selea Targa IP OCR-ANPR Camera and is a cross-site request forgery that allows an attacker to create an admin user without authentication. The provided documents state that a malicious page can submit a form to add a new administrator with full system privileges when a logg...

8.8CVSS6.4AI score0.00221EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2025/12/09 8:46 p.m.25 views

CVE-2021-47730 Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

8.5CVSS0.00221EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2025/12/09 8:46 p.m.4 views

CVE-2021-47730 Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

8.5CVSS6.4AI score0.00221EPSS
Exploits1References5
cvelist
cvelist
added 2025/12/09 8:41 p.m.22 views

CVE-2021-47723 STVS ProVision Cross-Site Request Forgery (Add Admin)

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

6.9CVSS0.0017EPSS
Exploits0References4
cve
cve
added 2025/12/09 8:41 p.m.13 views

CVE-2021-47723

CVE-2021-47723 affects STVS ProVision 5.9.10 and is a Cross-Site Request Forgery vulnerability where unvalidated HTTP requests allow an attacker to perform actions with admin privileges (e.g., create new admin users). The Red Hat and EUVD entries mirror this description. No exploitation details a...

8.8CVSS6.5AI score0.0017EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2025/12/09 8:41 p.m.4 views

CVE-2021-47723 STVS ProVision Cross-Site Request Forgery (Add Admin)

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

6.9CVSS6.5AI score0.0017EPSS
Exploits0References4
packetstorm
packetstorm
added 2025/12/04 12:0 a.m.193 views

📄 WordPress AI Engine 3.1.3 Remote Code Execution

This Metasploit module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions less than or equal to 3.1.3. The vulnerability allows an attacker to create an administrator account via the MCP Model Context Protocol endpoint without authentication. The module supports...

9.8CVSS8.2AI score0.75063EPSS
Exploits5
cve
cve
added 2025/11/21 6:17 a.m.16 views

CVE-2025-62189

Summary: CVE-2025-62189 affects LogStare Collector, with an incorrect authorization in the UserRegistration component that could allow a non-administrative user to create new accounts via a crafted HTTP request. The issue is corroborated across multiple sources (NVD, Red Hat, JVN, CVE listings). ...

5.3CVSS6.4AI score0.00207EPSS
Exploits0References2Affected Software1
osv
osv
added 2025/11/19 4:15 p.m.10 views

CVE-2025-63221

The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...

9.1CVSS5.9AI score0.00487EPSS
Exploits1References2
nvd
nvd
added 2025/11/19 4:15 p.m.8 views

CVE-2025-63221

The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...

9.1CVSS0.00487EPSS
Exploits1References2
euvd
euvd
added 2025/11/19 3:31 p.m.5 views

EUVD-2025-198156

The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

9.8CVSS6.6AI score0.0059EPSS
Exploits1References3
nvd
nvd
added 2025/11/19 3:15 p.m.6 views

CVE-2025-63218

The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

9.8CVSS0.0059EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/11/19 12:0 a.m.2 views

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

6.7AI score0.00698EPSS
Exploits1References2
cve
cve
added 2025/11/19 12:0 a.m.16 views

CVE-2025-63218

The CVE-2025-63218 vulnerability affects Axel Technology WOLF1MS and WOLF2MS devices (firmware 0.8.5–1.0.3). It is caused by Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint, enabling unauthenticated remote attackers to list user accounts, create administr...

9.8CVSS6.7AI score0.0059EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2025/11/14 12:0 a.m.16 views

PT-2025-46973

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 8.0.1 Description: A relative path traversal vulnerability exists in Fortinet FortiWeb versions 7.0.0 through 8.0.1. This flaw allows an unauthenticated attacker to execute administrative commands on t...

10CVSS6.2AI score0.8936EPSS
Exploits17References204
redhatcve
redhatcve
added 2025/11/12 6:59 a.m.15 views

CVE-2025-11855

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password...

7.5CVSS6.7AI score0.00215EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/11/11 12:0 a.m.13 views

PT-2025-46301

Name of the Vulnerable Software and Affected Versions age-restriction WordPress plugin versions through 3.0.2 Description The age-restriction WordPress plugin does not have proper authorisation within the age restrictionRemoteSupportRequest function. This allows authenticated users, even those wi...

7.3CVSS6.5AI score0.00215EPSS
Exploits0References6
Rows per page
Query Builder