Lucene search
K

151 matches found

CVE
CVE
added 2024/02/27 2:7 p.m.118 views

CVE-2024-0551

CVE-2024-0551 describes an access-control error that allows exporting the database and related data via the default user role for users with prior system access. The export mechanism uses a deterministic name, and the download is initiated by the UI before the export is deleted from the system, i...

7.1CVSS7AI score0.00562EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.4 views

PT-2024-15651 · Git +2 · Anything-Llm +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows exports of the database and associated exported information of the system via the default user role. An attacker would need to have been granted access to the system prior...

7.1CVSS6.9AI score0.00562EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2024/02/15 12:0 a.m.7 views

The vulnerability of the Vinchin Backup & Recovery software for backup and restoration operations, related to the use of default user accounts, allows a perpetrator to escalate their privileges.

The vulnerability of the Vinchin Backup & Recovery software for backup and restoration is related to the use of default user accounts. Exploiting this vulnerability could allow a malicious actor to gain increased privileges from a remote location...

10CVSS7.8AI score0.01101EPSS
Exploits3References5Affected Software1
NVD
NVD
added 2024/01/30 1:15 a.m.13 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS9.7AI score0.00731EPSS
Exploits1References1
OSV
OSV
added 2024/01/30 1:15 a.m.3 views

PYSEC-2024-27

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.5 views

CrateDB Security Vulnerability

CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1, which stems from an authentication bypass vulnerability contained in the Admin UI component, which can be bypassed by setting the X-Real IP request header to a specific...

9.8CVSS7.4AI score0.00731EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.3 views

PT-2024-40900 · Crateio · Cratedb

Name of the Vulnerable Software and Affected Versions: CrateDB version 5.5.1 Description: The issue concerns an authentication bypass in the Admin UI component. It can be exploited by setting the X-Real-IP request header to a specific value, allowing access to the Admin UI using the default user...

9.8CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.6 views

PT-2023-30523 · Datahub · Datahub

Name of the Vulnerable Software and Affected Versions: DataHub versions prior to 0.12.1 Description: The issue concerns an open-source metadata platform where sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-u...

8CVSS7.9AI score0.00472EPSS
Exploits0References6
NVD
NVD
added 2023/08/14 5:15 a.m.25 views

CVE-2023-3265

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this...

9.8CVSS9.7AI score0.01509EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2023/07/04 12:0 a.m.161 views

Allhandsmarketing LMS 2.0 Cross Site Request Forgery

==================================================================================================================================== | Title : Allhandsmarketing LMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.5 views

PT-2023-12427 · WordPress · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including 4.1.9 pro and 2.0.6 free Description: The plugin is vulnerable to privilege escalation due to a registration form that allows users to choose the default role fo...

8.8CVSS8.7AI score0.00885EPSS
Exploits0References7
OSV
OSV
added 2023/01/26 9:18 p.m.4 views

CVE-2023-0444

A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privilege...

8.8CVSS7.3AI score0.00992EPSS
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.18 views

Privilege escalation

A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privilege...

6.5CVSS8.7AI score0.00992EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.4 views

CVE-2023-0444

A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privilege...

9AI score0.00992EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.5 views

PT-2022-27786

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2022.10.4 authentik versions prior to 2022.11.4 Description The issue allows any authenticated user to create an arbitrary number of accounts through the default flows, which can circumvent policies where it is...

6.4CVSS6.7AI score0.00539EPSS
Exploits1References7
Prion
Prion
added 2022/12/02 6:15 p.m.21 views

Design/Logic Flaw

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

7.5CVSS9.4AI score0.01177EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/02 12:0 a.m.7 views

PT-2022-27762

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2022.11.2 authentik versions prior to 2022.10.2 Description authentik is an open-source identity provider. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that...

9.8CVSS7.3AI score0.01177EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2022/10/17 8:20 a.m.7 views

CVE-2022-2052 TRUMPF TruTops default user accounts vulnerability

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system...

9.8CVSS7AI score0.00621EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/10/17 8:20 a.m.19 views

CVE-2022-2052 TRUMPF TruTops default user accounts vulnerability

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system...

9.8CVSS9.7AI score0.00621EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/06 4:40 p.m.27 views

CVE-2022-31484 User Account Deletion Unauthenticated

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...

7.5CVSS7.9AI score0.00973EPSS
Exploits0References1
Rows per page
Query Builder