Lucene search
K

365 matches found

Nuclei
Nuclei
added 12 hours ago80 views

Horde Groupware Unauthenticated Admin Access

Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...

10CVSS6.1AI score0.07986EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47047

Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW affected versions not specified Description A command injection issue exists in the Captive Portal Custom Handler. An administrative account logged into the user interface ca...

7CVSS5.8AI score0.0988EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/27 2:54 a.m.4 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS5.4AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/03/17 8:15 a.m.5 views

CVE-2026-4312

GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...

9.8CVSS0.0045EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/17 7:29 a.m.4 views

CVE-2026-4312 DrangSoft|GCB/FCB Audit Software - Missing Authentication

GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account...

9.8CVSS5.9AI score0.0045EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.2 views

CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

6.9CVSS5.7AI score0.00155EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/17 9:22 p.m.5 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS5.8AI score0.00299EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 8:45 p.m.16 views

CVE-2026-23595

CVE-2026-23595 describes an authentication bypass in the application API that allows an attacker to create unauthorized administrative accounts, enabling privileged access and potential data/configuration manipulation. Public entries consolidate this description across NVD/Red Hat/CIRCL/attackerk...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.5 views

PT-2026-7993

Name of the Vulnerable Software and Affected Versions HPESBNW05002 rev.1 Description An authentication bypass in the application API allows the creation of an unauthorized administrative account. A remote attacker could exploit this to create privileged user accounts, potentially gaining...

8.8CVSS5.5AI score0.00299EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.7 views

CVE-2023-49233

Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of...

8.8CVSS6.9AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 4:15 p.m.3 views

CVE-2020-36908

SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full...

8.8CVSS5.7AI score0.00231EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/01/05 2:31 p.m.25 views

CVE-2025-15026 Unauthenticated configuration import allows administrative account creation using AWIE component

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...

9.8CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/01/05 2:31 p.m.17 views

CVE-2025-15026

CVE-2025-15026 affects Centreon Infra Monitoring, specifically the centreon-awie (Awie import module). The root cause is a missing authentication check for a critical function, allowing access to functionality not properly constrained by ACLs. Affected versions are: 25.10.0–25.10.1 (before 25.10....

9.8CVSS6.6AI score0.00373EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/11/17 4:15 p.m.6 views

CVE-2025-63747

QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the login page can ga...

9.8CVSS0.00385EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.9 views

PT-2025-47157

Name of the Vulnerable Software and Affected Versions QaTraq version 6.9.2 Description The software ships with default administrative account credentials enabled, allowing immediate login via the web application login page. An attacker reaching the login page can gain administrative access due to...

9.8CVSS6.8AI score0.00385EPSS
Exploits1References4
CNVD
CNVD
added 2025/10/31 12:0 a.m.2 views

Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29088)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the creation of an undocument...

10CVSS6.6AI score0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3920

Malware in sbrugna...

7.5CVSS6.4AI score0.02199EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-0569

Malware in sbrugna...

6.8CVSS6.3AI score0.00642EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-6871

Malware in sbrugna...

5CVSS6.4AI score0.02229EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-8883

Malware in sbrugna...

8.8CVSS8.8AI score0.00778EPSS
Exploits1References4
Rows per page
Query Builder