Lucene search
K

301 matches found

GithubExploit
GithubExploit
β€’added 2025/12/17 3:54 p.m.β€’264 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

CVE-2024-27198 – JetBrains TeamCity Authentication Bypass & RC...

10CVSS8.5AI score0.99938EPSS
Exploits397
Positive Technologies
Positive Technologies
β€’added 2025/12/17 12:0 a.m.β€’13 views

PT-2025-51977

Name of the Vulnerable Software and Affected Versions Open Source Point of Sale versions 3.4.0 through 3.4.1 Description Open Source Point of Sale is a web based point of sale application written in PHP using the CodeIgniter framework. Versions 3.4.0 through 3.4.1 have a Cross-Site Request Forger...

8.8CVSS6.8AI score0.00236EPSS
Exploits4References10
NVD
NVD
β€’added 2025/12/16 5:16 p.m.β€’11 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS0.00567EPSS
Exploits1References4
OSV
OSV
β€’added 2025/12/16 5:6 p.m.β€’7 views

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.3CVSS6AI score0.00567EPSS
Exploits1References6
Vulnrichment
Vulnrichment
β€’added 2025/12/16 5:6 p.m.β€’2 views

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS6.3AI score0.00567EPSS
Exploits1References4
CVE
CVE
β€’added 2025/12/16 5:6 p.m.β€’24 views

CVE-2023-53895

PimpMyLog 1.7.14 is affected by an improper access control vulnerability that lets remote attackers create admin accounts via the configuration endpoint (/configuration). The unsanitized username field can be exploited to inject JavaScript, enabling a hidden backdoor and potential access to serve...

9.8CVSS6.3AI score0.00567EPSS
Exploits1References4Affected Software1
EUVD
EUVD
β€’added 2025/12/16 5:6 p.m.β€’6 views

EUVD-2023-60195

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS6.2AI score0.00567EPSS
Exploits1References5
Cvelist
Cvelist
β€’added 2025/12/16 5:6 p.m.β€’33 views

CVE-2023-53895 PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS0.00567EPSS
Exploits1References4
Packet Storm
Packet Storm
β€’added 2025/12/16 12:0 a.m.β€’242 views

πŸ“„ Gnuboard 5.6.23 SQL Injection / Code Execution

Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution. ============================================================================================================================================= | Title : Gnuboard v5.6.23...

9.8CVSS9.1AI score0.05377EPSS
Exploits4
Positive Technologies
Positive Technologies
β€’added 2025/12/16 12:0 a.m.β€’10 views

PT-2025-51743

Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...

9.8CVSS6.4AI score0.00567EPSS
Exploits1References10
EUVD
EUVD
β€’added 2025/12/15 11:7 p.m.β€’4 views

EUVD-2025-203469

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

8.7CVSS6.8AI score0.0059EPSS
Exploits1References7
Cvelist
Cvelist
β€’added 2025/12/15 11:7 p.m.β€’31 views

CVE-2025-58173 FreshRSS vulnerable to authenticated RCE via path traversal inside include()

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

8.7CVSS0.0059EPSS
Exploits1References7
RedhatCVE
RedhatCVE
β€’added 2025/12/11 10:1 p.m.β€’5 views

CVE-2020-36894

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

9.3CVSS7.2AI score0.00723EPSS
Exploits1References1
EUVD
EUVD
β€’added 2025/12/10 9:31 p.m.β€’5 views

EUVD-2020-30832

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.6CVSS6.3AI score0.00233EPSS
Exploits1References5
EUVD
EUVD
β€’added 2025/12/10 9:31 p.m.β€’4 views

EUVD-2020-30838

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

9.3CVSS6.7AI score0.00723EPSS
Exploits1References5
OSV
OSV
β€’added 2025/12/10 9:16 p.m.β€’2 views

CVE-2020-36894

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

7.5CVSS5.8AI score0.00723EPSS
Exploits1References4
OSV
OSV
β€’added 2025/12/10 9:16 p.m.β€’3 views

CVE-2020-36886

SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full...

8.8CVSS5.7AI score0.00234EPSS
Exploits1References5
CVE
CVE
β€’added 2025/12/10 8:53 p.m.β€’22 views

CVE-2020-36894

CVE-2020-36894 affects Eibiz i-Media Server Digital Signage 3.8.0. The vulnerability is an authentication bypass in which crafted AMF-encoded objects manipulated at /messagebroker/amf allow unauthenticated attackers to create administrator users, bypassing security controls. Multiple connected so...

9.3CVSS6.8AI score0.00723EPSS
Exploits1References4Affected Software1
Metasploit
Metasploit
β€’added 2025/12/10 6:57 p.m.β€’530 views

WordPress King Addons for Elementor Unauthenticated Privilege Escalation to RCE

This module exploits an unauthenticated privilege escalation vulnerability in the WordPress King Addons for Elementor plugin versions 24.12.92 to 51.1.14. The vulnerability exists in the handleregisterajax function which allows unauthenticated attackers to specify the userrole parameter during...

9.8CVSS6.6AI score0.09142EPSS
Exploits4
EUVD
EUVD
β€’added 2025/12/09 9:31 p.m.β€’5 views

EUVD-2021-34725

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

6.9CVSS6.3AI score0.0017EPSS
Exploits0References5
Rows per page
Query Builder