EUVD-2025-30276
Malicious code in bioql PyPI...
EUVD-2025-31652
Malicious code in bioql PyPI...
EUVD-2025-28630
Malicious code in bioql PyPI...
EUVD-2025-25181
Malicious code in bioql PyPI...
EUVD-2022-39337
Malicious code in bioql PyPI...
EUVD-2025-25065
Malicious code in bioql PyPI...
CVE-2025-54875
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...
CVE-2025-54875
CVE-2025-54875 affects FreshRSS up to 1.26.3. An unprivileged attacker can register a new admin user when registration is enabled by manipulating the hidden field new_user_is_admin on the user management page. Impact is privilege escalation to admin with high confidentiality/integrity/availabilit...
CVE-2025-54875 FreshRSS: Unauthorized creation of admin user when registration is enabled
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...
PT-2025-39904
Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.16.0 through 1.26.3. Description: FreshRSS is a free, self-hostable RSS aggregator. An unprivileged attacker can create a new administrator user when registration is enabled. This is achieved through manipulation of a hidden...
CVE-2022-4980
General Bytes Crypto Application Server (CAS), beginning with version 20201208 and prior to 20220531.38 (backport) and 20220725.22 (mainline), contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...
CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page
General Bytes Crypto Application Server (CAS), beginning with version 20201208 and prior to 20220531.38 (backport) and 20220725.22 (mainline), contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...
Linux Distros Unpatched Vulnerability : CVE-2015-7685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to...
CVE-2025-58430
listmonk is a standalone, self-hosted newsletter and mailing list manager. In versions up to and including 1.1.0, every HTTP request included a nonce in addition to the session cookie. The nonce value is not checked or validated by the backend, so removing the nonce allows the requests to be...
PT-2025-36937
Name of the Vulnerable Software and Affected Versions: listmonk versions 1.1.0 and earlier. Description: listmonk, a standalone newsletter and mailing list manager, is susceptible to a chain of vulnerabilities involving Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). Specifically, the...
CVE-2025-57760 Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...
CVE-2025-51488
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin...
Cross-site Scripting (XSS)
Overview: moonshine/moonshine is a Laravel administration panel. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Name parameter when creating a new Admin, due to improper sanitization of user input. Details: Cross-site scripting, or XSS, is a code vulnerability tha...