Lucene search
K

8 matches found

NVD
NVD
added yesterday5 views

CVE-2026-54003

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS
Exploits0References8
CVE
CVE
added yesterday20 views

CVE-2026-54003

Summary of CVE-2026-54003 (Kirby CMS) : Affected Kirby installations with no configured user accounts, running behind a reverse proxy that sets Forwarded, X-Client-IP, or X-Real-IP headers could allow remote attackers to install the Panel and create the first admin user. This occurs on releases p...

9.1CVSS6AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-54003

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS6AI score
Exploits0References9Affected Software1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-54003 Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS
Exploits0References8
CVE
CVE
added 2025/09/19 6:55 p.m.21 views

CVE-2022-4980

General Bytes CAS suffered an authentication bypass in the admin web interface affecting versions 20201208–20220531.38 (backport) and 20220725.22 (mainline). An unauthenticated attacker could hit the default/install/first-admin page to create a new admin account, gain privileges, and redirect fun...

9.3CVSS6.8AI score0.00813EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/19 6:55 p.m.1 views

CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page

General Bytes Crypto Application Server CAS beginning with version 20201208 prior to 20220531.38 backport and 20220725.22 mainline contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...

9.3CVSS6.8AI score0.00813EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/19 6:55 p.m.11 views

CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page

General Bytes Crypto Application Server CAS beginning with version 20201208 prior to 20220531.38 backport and 20220725.22 mainline contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...

9.3CVSS0.00813EPSS
Exploits0References6
Prion
Prion
added 2022/04/25 11:15 a.m.23 views

Design/Logic Flaw

It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint...

5CVSS7.3AI score0.02313EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder