Lucene search
K

13 matches found

NVD
NVD
added last week8 views

CVE-2026-58656

Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: , allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token...

8.7CVSS0.00271EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 10:23 p.m.5 views

CVE-2026-42289

ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an...

8.8CVSS5.8AI score0.00128EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/02 8:57 p.m.6 views

CVE-2026-21483 listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user Super Admin views or previews this content, the...

6.4CVSS6.1AI score0.00198EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-2969

Malware in sbrugna...

10CVSS9.5AI score0.01566EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 a.m.6 views

CVE-2017-8218

vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password...

10CVSS9.6AI score0.02016EPSS
Exploits2References1
Hacker One
Hacker One
added 2020/08/20 2:48 a.m.164 views

Shopify: Stocky App Administrator can create a backdoor admin account by using an existing POS User

Details The Stocky App has POS Users that are being created once a POS Staff logs in into the application from the Point Of Sale application on a mobile device. From the users management page located at https://stocky.shopifyapps.com/users there's no visible way to edit those POS users. Although,...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2020/02/24 12:0 a.m.73 views

AMSS++ 4.7 - Backdoor Admin Account

AMSS++ 4.7 - Backdoor Admin Account Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.rar Dork : แนะนำให้ใช้บราวเซอร์...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/24 12:0 a.m.182 views

AMSS++ 4.7 - Backdoor Admin Account

Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.rar Dork : แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++"...

7.4AI score
Exploits0
CVE
CVE
added 2018/07/24 4:0 p.m.36 views

CVE-2018-14583

XYHCMS 3.5 is affected by a Cross-Site Request Forgery (CSRF) in the URL xyhai.php?s=/Auth/addUser, which can be used to add a background administrator account. The vulnerability is described across multiple sources as CVE-2018-14583. The provided connected documents confirm the affected componen...

8.8CVSS8.5AI score0.00494EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2017/04/10 3:59 a.m.15 views

CVE-2015-2887

iBaby M3S has a password of admin for the backdoor admin account...

10CVSS9.6AI score0.01405EPSS
Exploits0References1
CVE
CVE
added 2017/04/10 3:0 a.m.55 views

CVE-2015-2887

The CVE-2015-2887 entry affects the iBaby M3S video baby monitor, where a backdoor admin account is protected by the default password “admin.” Public sources (NVD entry) assign a NETWORK attack vector with high impact, and CNVD-2017-05189 describes a privilege-acquisition vulnerability enabling O...

10CVSS9.5AI score0.01405EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/04/10 3:0 a.m.19 views

CVE-2015-2887

iBaby M3S has a password of admin for the backdoor admin account...

9.7AI score0.01405EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2004/08/23 12:0 a.m.44 views

Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass

source: https://www.securityfocus.com/bid/11011/info A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: - Axis StorePoint CD E100 CD-ROM Server with firmware version 5.30 ?php...

7.4AI score
Exploits0
Rows per page
Query Builder