Lucene search
K

11 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-55761

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS0.00272EPSS
Exploits1References6
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-55761 Portainer: Unauthenticated Restore Endpoint Allows Admin Takeover on Uninitialised Portainer Instances

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS0.00272EPSS
Exploits1References6
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42297

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS5.9AI score0.00272EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/06 4:59 p.m.9 views

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

Summary An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets th...

9.8CVSS6.1AI score0.00339EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/06 4:59 p.m.5 views

GHSA-MXQH-Q9H6-V8PQ Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

Summary An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets th...

8.1CVSS6.1AI score0.00339EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/06 12:0 a.m.12 views

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets the...

9.8CVSS5.8AI score0.00339EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-25257

Malicious code in bioql PyPI...

5.4CVSS6.7AI score0.01104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 4:36 a.m.8 views

CVE-2025-57789

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

5.4CVSS7.2AI score0.01104EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 3:22 a.m.27 views

CVE-2025-57789

CVE-2025-57789 – Commvault initial administrator login vulnerability . The issue occurs in the setup window between installation and the first administrator login, where remote attackers may exploit the default credentials to gain admin control. Affected versions include Commvault 11.32.x before ...

5.4CVSS6.6AI score0.01104EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/20 3:22 a.m.13 views

CVE-2025-57789 Vulnerability in Initial Administrator Login Process

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

5.3CVSS0.01104EPSS
Exploits0References1
OSV
OSV
added 2024/07/24 4:15 p.m.22 views

CVE-2024-31970

AdTran SRG 834-5 HDC17600021F1 devices with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1 have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with...

8.8CVSS6.1AI score0.00608EPSS
Exploits0References3
Rows per page
Query Builder