17 matches found

OSV
added 2026/03/18 2:25 p.m. · 2 views

GHSA-VG28-83RP-8XX4 Frigate has broken access control: viewer user can delete admin and other users' accounts

Summary: Users with the viewer role can delete admin and other users' accounts. This leads to denial of service and affects data integrity. Details: Endpoint DELETE /api/users/admin is enabled for anonymous users. PoC: I deleted admin user on demo.frigate.video: Impact: This leads to denial of servi...

CVSS 7.1 · AI score 5.8 · EPSS 0.00058
Exploits: 1 · References: 4
ICS
added 2026/01/29 7:00 a.m. · 4 views

KiloView Encoder Series (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

CVSS 9.8 · AI score 5.6 · EPSS 0.00115
Exploits: 0 · References: 13
OSV
added 2025/05/23 2:15 p.m. · 0 views

UBUNTU-CVE-2025-3580

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

CVSS 5.5 · AI score 7.1 · EPSS 0.00097
Exploits: 0 · References: 3
CVE
added 2025/05/23 1:44 p.m. · 168 views

CVE-2025-3580

CVE-2025-3580 (Grafana Open Source): An access-control flaw in the DELETE /api/org/users/ endpoint allows an Organization administrator to permanently delete the Server administrator account. If the sole Server admin is deleted, the Grafana instance becomes unmanageable with no super-user permis...

CVSS 5.5 · AI score 5.5 · EPSS 0.00097
In wild · Exploits: 0 · References: 1
Positive Technologies
added 2025/01/13 12:00 a.m. · 2 views

PT-2025-1457 · Pat Infinite Solutions · Helpdeskadvanced

Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions = 11.0.33 Description: The issue concerns incorrect access control, allowing users with low privileges to delete administrator accounts. This can be achieved by sending a request to the...

CVSS 8.1 · AI score 6.8 · EPSS 0.00147
Exploits: 0 · References: 5
Positive Technologies
added 2023/05/08 12:00 a.m. · 2 views

PT-2023-11615 · Beescms · Beescms

Name of the Vulnerable Software and Affected Versions: beescms version 4 Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to delete the administrator account via a crafted request to "/admin/admin admin.php". This can be exploited by sending a malicious request to the specifi...

CVSS 6.5 · AI score 6.4 · EPSS 0.00193
Exploits: 1 · References: 4
Prion
added 2021/11/24 4:15 p.m. · 11 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page...

CVSS 4.3 · AI score 6.6 · EPSS 0.00108
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2021/11/24 8:25 a.m. · 15 views

CVE-2021-20842

Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page...

AI score 6.8 · EPSS 0.00108
Exploits: 1 · References: 2
CNNVD
added 2021/08/30 12:00 a.m. · 1 views

Indexhibit Cross-Site Request Forgery Vulnerability

Indexhibit is a web-based content management system. A cross-site request forgery vulnerability exists in Indexhibit version 2.1.5. An attacker can exploit this vulnerability to arbitrarily delete an administrator account...

CVSS 6.5 · AI score 5.4 · EPSS 0.00098
Exploits: 1 · References: 1
Prion
added 2021/08/20 8:15 p.m. · 10 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts...

CVSS 4.3 · AI score 8 · EPSS 0.00093
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2018/05/12 4:29 a.m. · 17 views

Cross site request forgery (csrf)

An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel...

CVSS 4.3 · AI score 6.6 · EPSS 0.00114
Exploits: 1 · References: 1 · Affected Software: 1
seebug.org
added 2014/07/01 12:00 a.m. · 14 views

TomatoCart 1.0.1 - Multiple CSRF Vulnerabilities

No description provided by source. Title: TomatoCart 1.0.1 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sun 11 Jul 2010 05:01:51 PM EEST Vendor: http://www.tomatocart.com/ Download:...

AI score 7.1
Exploits: 0
exploitpack
added 2012/04/03 12:00 a.m. · 16 views

Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery (Add Admin Add Event)

Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery Add Admin Add Event Exploit Title : Simple PHP Agenda = 2.2.8 CSRF Add Admin - Add Event Date : 29-03-2012 Author...

CVSS 6.8 · AI score 6.8 · EPSS 0.00686
Exploits: 6
Packet Storm
added 2012/03/30 12:00 a.m. · 35 views

Simple PHP Agenda 2.2.8 Cross Site Request Forgery

Exploit Title : Simple Php Agenda = 2.2.8 CSRF Add Admin/Add New Event Date : 29-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link :...

CVSS 6.8 · AI score 0.2 · EPSS 0.00686
Exploits: 6
0day.today
added 2010/07/11 12:00 a.m. · 13 views

TomatoCart 1.0.1 Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications TomatoCart 1.0.1 Multiple CSRF Vulnerabilities Date: Sun 11 Jul 2010 05:01:51 PM EEST Vendor: http://www.tomatocart.com/ Download:...

AI score 7.1
Exploits: 0
Exploit DB
added 2010/07/11 12:00 a.m. · 17 views

TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Date: Sun 11 Jul 2010 05:01:51 PM EEST Vendor: http://www.tomatocart.com/ Download: http://www.tomatocart.com/component/extensionmanage/?task=downloadfiles&file=tomatocart-1.0.1.zip --- -= CSRF PoC 1 - Create Admin User =- TomatoCart 1.0.1 Multiple CSRF Vulnerabilities - Create Admin User -= CSRF...

AI score 7.4
Exploits: 0
exploitpack
added 2010/07/11 12:00 a.m. · 18 views

TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities

TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Sun 11 Jul 2010 05:01:51 PM EEST Vendor: http://www.tomatocart.com/ Download: http://www.tomatocart.com/component/extensionmanage/?task=downloadfiles&file=tomatocart-1.0.1.zip --- -= CSRF PoC 1 - Create Admin User =-...

AI score 0.5
Exploits: 0