46 matches found
EUVD-2026-12839
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...
CVE-2026-22238
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful...
CVE-2025-63221
The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...
EUVD-2025-25750
Malicious code in bioql PyPI...
CVE-2025-57760
Langflow contains a privilege-escalation vulnerability in its container runtime: an authenticated user with RCE can invoke the CLI binary at /app/.venv/bin/langflow (langflow superuser) to create a new administrative user, granting full superuser access and compromising the instance. Affected beh...
Ulicms 2023.1 - create admin user via mass assignment
Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author:...
Rconfig 3.x Chained Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...
RedwoodHQ 2.5.5 - Authentication Bypass Vulnerability
Exploit for multiple platform in category web applications -- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link...
RedwoodHQ 2.5.5 Authentication Bypass
-- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link: https://redwoodhq.com/redwood-download/ Tested on: Ubuntu...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via...
Prediction League 0.3.8 CSRF Create Admin User Exploit
No description provided by source...
Limny 2.0 - Create Admin User CSRF Exploit
No description provided by source...
TomatoCart 1.0.1 - Multiple CSRF Vulnerabilities
No description provided by source. !--- Title: TomatoCart 1.0.1 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sun 11 Jul 2010 05:01:51 PM EEST Vendor: http://www.tomatocart.com/ Download:...
Orbis CMS 1.0.2 - Multiple CSRF Vulnerabilities
No description provided by source. !--- Title: Orbis CMS 1.0.2 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sun 11 Jul 2010 08:08:10 PM EEST Vendor: http://www.novo-ws.com/orbis-cms/ Download: http://www.ohloh.net/p/orbis-cms/download?filename=orbis-1.0.2.zip --- -= CSRF Po...
Zenphoto CMS 1.3 - Multiple CSRF Vulnerabilities
No description provided by source. !--- Title: Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Wed 14 Jul 2010 12:48:56 PM EEST Vendor: http://www.zenphoto.org/ Download: http://zenphoto.googlecode.com/files/zenphoto-1.3.tar.gz --- -= CSRF PoC 1 - Change Admin...
Grafik CMS 1.1.2 - Multiple CSRF Vulnerabilities
No description provided by source. !--- Title: Grafik CMS 1.1.2 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Mon 12 Jul 2010 07:07:22 PM EEST Vendor: http://www.grafik-power.com/grafikcms/ Download: None --- -= CSRF PoC 1 - Change Admin Password =- html head titleGrafik CMS...
Social CMS 1.0.2 Cross Site Request Forgery
Date: Wed 20 april 2011 11:18:22 AM Vendor: www.socialcms.com Download: http://sourceforge.net/projects/socialcms/ --- input type="hidden" name="INconfigurat...
Zomplog CMS 3.9 Cross Site Request Forgery / Cross Site Scripting
Date: Sun 15 Aug 2010 04:33:33 PM EEST Vendor: http://www.zomp.nl/zomplog/ Download: http://www.zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip --- -= CSRF PoC 1 - Change Admin Password =- Zomplog CMS 3.9 Multiple XSS/CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User...