16 matches found

OSV
added 2026/05/06 4:59 p.m. · 1 view

GHSA-H27V-PH7W-M9FP Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

Summary: An unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in...

8.1 CVSS · 5.9 AI score · 0.00104 EPSS
Exploits 1 · References 4

Vulnrichment
added 2026/05/04 8:9 p.m. · 2 views

CVE-2026-42221 nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable...

8.1 CVSS · 5.8 AI score · 0.00104 EPSS
Exploits 1 · References 2

CVE
added 2026/05/04 8:9 p.m. · 10 views

CVE-2026-42221

Summary: CVE-2026-42221 affects nginx-ui versions 2.0.0 through 2.3.7, where an unauthenticated attacker can claim the initial administrator account during first-run via the public /api/install endpoint. The installation flow and public keys are not authenticated, allowing an attacker to set admi...

9.8 CVSS · 5.8 AI score · 0.00104 EPSS
Exploits 1 · References 2 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-13165

Malware in sbrugna...

7.5 CVSS · 7.6 AI score · 0.0065 EPSS
Exploits 1 · References 2

OSV
added 2024/01/11 5:15 p.m. · 3 views

CVE-2024-0414

A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public...

9.8 CVSS · 4.9 AI score · 0.00278 EPSS
Exploits 0 · References 3

OSV
added 2024/01/11 5:15 p.m. · 1 view

CVE-2024-0413

A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the publ...

9.8 CVSS · 4.8 AI score
Exploits 0 · References 3

CNNVD
added 2024/01/11 12:0 a.m. · 3 views

DeShang DSCMS Access Control Error Vulnerability

DeShang DSCMS is a website builder for enterprise websites from DeShang, China. An access control error vulnerability exists in DeShang DSCMS prior to version 3.1.2, which stems from the file public/install.php that causes incorrect access control...

9.8 CVSS · 6.7 AI score · 0.00278 EPSS
Exploits 0 · References 4

CNNVD
added 2024/01/11 12:0 a.m. · 2 views

DeShang DSShop Access Control Error Vulnerability

DeShang DSShop is a single-store mobile mall online store system from DeShang, China. The access control error vulnerability exists in DeShang DSShop prior to version 3.1.0. The vulnerability stems from the file public/install.php of the component HTTP GET Request Handler, which results in...

9.8 CVSS · 6.8 AI score · 0.00278 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/01/11 12:0 a.m. · 3 views

PT-2024-15536 · Deshang · Deshang Dscms

Name of the Vulnerable Software and Affected Versions: DeShang DSKMS versions up to 3.1.2 Description: A vulnerability was found in DeShang DSKMS, affecting some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated...

9.8 CVSS · 5.7 AI score · 0.00278 EPSS
Exploits 0 · References 8

CNNVD
added 2024/01/11 12:0 a.m. · 2 views

DeShang DSMall Access Control Error Vulnerability

DeShang DSMall is a multi-user mall system from DeShang, China. An Access Control Error vulnerability exists in DeShang DSMall prior to version 6.1.0, which stems from the file public/install.php of the component HTTP GET Request Handler that results in incorrect access control...

7.5 CVSS · 6.8 AI score · 0.0023 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/01/11 12:0 a.m. · 3 views

PT-2024-15535 · Deshang · Deshang Dsshop

Name of the Vulnerable Software and Affected Versions: DeShang DSShop versions up to 3.1.0 Description: A vulnerability was found in the HTTP GET Request Handler component, specifically affecting the file public/install.php. This issue leads to improper access controls and can be initiated...

9.8 CVSS · 5.5 AI score · 0.00278 EPSS
Exploits 0 · References 8

CNNVD
added 2024/01/11 12:0 a.m. · 8 views

DeShang DSKMS Access Control Error Vulnerability

DeShang DSKMS is a professional content payment system from DeShang, China. An Access Control Error vulnerability exists in DeShang DSKMS prior to version 3.1.2, which stems from the file public/install.php that results in incorrect access control...

9.8 CVSS · 6.7 AI score · 0.00278 EPSS
Exploits 0 · References 4

OSV
added 2023/12/31 5:15 p.m. · 4 views

CVE-2023-7193

A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The...

8.1 CVSS · 4.7 AI score · 0.00054 EPSS
Exploits 0 · References 3

CNNVD
added 2023/12/31 12:0 a.m. · 2 views

MTab Bookmark Access Control Error Vulnerability

MTab Bookmark is a clean cut powerful navigation site from MTab Inc. MTab Bookmark is a simple and powerful navigation site from MTab, which allows you to quickly add your favorite websites to your bookmarks. An access control error vulnerability exists in MTab Bookmark version 1.2.6 and classifi...

8.1 CVSS · 6.8 AI score · 0.00054 EPSS
Exploits 0 · References 4

NVD
added 2018/12/30 9:29 p.m. · 8 views

CVE-2018-20614

public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install//step3 URI...

7.5 CVSS · 7.5 AI score · 0.0065 EPSS
Exploits 1 · References 1

OSV
added 2018/12/30 9:29 p.m. · 1 view

CVE-2018-20614

public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install//step3 URI...

7.5 CVSS · 5.8 AI score · 0.0065 EPSS
Exploits 1 · References 1