23 matches found

ATTACKERKB
added 2026/03/19 11:39 p.m. · 5 views

CVE-2026-32760

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...

CVSS 10 · AI score 5.8 · EPSS 0.00677
Exploits 1 · References 4 · Affected Software 1
ATTACKERKB
added 2026/03/07 4:31 p.m. · 4 views

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVSS 8.8 · AI score 5.7 · EPSS 0.00328
Exploits 1 · References 2 · Affected Software 1
RedhatCVE
added 2026/01/17 5:22 a.m. · 10 views

CVE-2025-12641

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

CVSS 6.5 · AI score 5.7 · EPSS 0.00363
Exploits 0 · References 1
Cvelist
added 2026/01/16 4:44 a.m. · 25 views

CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

CVSS 6.5 · EPSS 0.00363
Exploits 0 · References 6
ATTACKERKB
added 2026/01/16 4:44 a.m. · 4 views

CVE-2025-12641

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

CVSS 6.5 · AI score 5.5 · EPSS 0.00363
Exploits 0 · References 7
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-14710

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.5 · EPSS 0.00352
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-23993

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.5 · EPSS 0.00277
Exploits 0 · References 2
Vulnrichment
added 2025/08/08 4:14 p.m. · 3 views

CVE-2025-47872 EG4 Electronics EG4 Inverters Observable Discrepancy

The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...

CVSS 6.9 · AI score 6.7 · EPSS 0.00277
Exploits 0 · References 2
Positive Technologies
added 2025/08/08 12:0 a.m. · 6 views

PT-2025-32367 · Eg4 Electronics · Eg4 12000Xp +6

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The public-facing product registration endpoint server responds differently based on the status of the serial number S/N – whether it is valid and unregistere...

CVSS 6.9 · AI score 6.5 · EPSS 0.00277
Exploits 0 · References 5
RedhatCVE
added 2025/04/11 4:0 p.m. · 5 views

CVE-2025-32374

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...

CVSS 7.5 · AI score 6.7 · EPSS 0.00352
Exploits 0 · References 1
NVD
added 2025/04/09 4:15 p.m. · 19 views

CVE-2025-32374

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...

CVSS 7.5 · EPSS 0.00352
Exploits 0 · References 1
Snyk
added 2025/04/09 3:46 p.m. · 5 views

Denial of Service (DoS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Denial of Service DoS through the public registration form. Details Denial of Service DoS describes a family of attacks, all aime...

CVSS 8.2 · AI score 7 · EPSS 0.00352
Exploits 0 · References 2
OSV
added 2025/04/09 3:14 p.m. · 5 views

CVE-2025-32374 Possible Denial of Service (DoS) in DNN.PLATFORM registration

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...

CVSS 5.9 · AI score 6.4 · EPSS 0.00352
Exploits 0 · References 3
CNNVD
added 2025/04/09 12:0 a.m. · 4 views

DNN Security Vulnerability

DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable and feature-rich. A security vulnerability exists in DNN, which stems from the fact that specially crafted...

CVSS 7.5 · AI score 6.2 · EPSS 0.00352
Exploits 0 · References 2
Positive Technologies
added 2025/04/09 12:0 a.m. · 4 views

PT-2025-15706 · Dnn · Dnn

Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 9.13.8 Description: The issue concerns a possible denial of service that can be triggered by submitting specially crafted information in the public registration form. Recommendations: For versions pri...

CVSS 7.5 · AI score 6.2 · EPSS 0.00352
Exploits 0 · References 7
Hacker One
added 2021/01/04 1:48 p.m. · 17 views

Rocket.Chat: Registration bypass with leaked Invite Token

The Rocket.Chat API route 'validateInviteToken' was vulnerable to a registration bypass attack. The route allowed unauthenticated users to guess valid invite tokens by sending a crafted JSON payload with a regular expression. Once a valid token was obtained, the user could access private channels...

AI score 7
Exploits 0
OSV
added 2020/03/11 3:53 p.m. · 2 views

DRUPAL-CONTRIB-2020-006

This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the...

AI score 6.5
Exploits 0 · References 1
Drupal
added 2020/03/11 12:0 a.m. · 11 views

SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006

This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the...

AI score 6.4
Exploits 0 · References 6
Packet Storm
added 2017/04/14 12:0 a.m. · 74 views

Coppermine Gallery 1.5.44 Directory Traversal

Coppermine Gallery = 1.5.44 directory traversal vulnerability. Coppermine is a multi-purpose fully-featured and integrated web picture gallery script written in PHP using GD or ImageMagick as image library with a MySQL backend. A...

AI score 0.3
Exploits 0
The Hacker Blog
added 2016/05/30 6:19 a.m. · 19 views

XSS Hunter is Now Open Source – Here’s How to Set It Up!

Recently I opened up XSS Hunter for public registration, this was after publishing a post on how I used XSS Hunter to hack GoDaddy via blind XSS and pointed out that many penetration testers use a very limited alert box-based pentesting methodology which will not detect these types of issues. Aft...

AI score 6.7
Exploits 0