447 matches found

OSV
added 2025/06/10 5:21 p.m.

CVE-2025-22254

An Improper Privilege Management vulnerability (CWE-269) in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7,...

CVSS 7.2, AI score 5.8, EPSS 0.00712
Exploits 0, References 1
Veracode
added 2025/06/10 6:43 a.m.

Environment Variable Exposure

github.com/knadh/listmonk is vulnerable to Environment Variable Exposure. The vulnerability is due to the use of env and expandenv template functions in Sprig, which allows non-super-admin users to capture sensitive environment variables in multi-user installations...

CVSS 9, AI score 9, EPSS 0.00907
Exploits 2, References 5, Affected Software 1
RedhatCVE
added 2025/05/23 10:27 a.m.

CVE-2024-23111

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability (CWE-79) in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

CVSS 6.8, AI score 7.2, EPSS 0.01042
Exploits 0, References 1
RedhatCVE
added 2025/05/23 10:07 a.m.

CVE-2024-20332

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...

CVSS 5.5, AI score 7, EPSS 0.00369
Exploits 0, References 1
RedhatCVE
added 2025/05/23 8:52 a.m.

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability (CWE-916) affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

CVSS 4.4, AI score 6.9, EPSS 0.03469
Exploits 1, References 1
RedhatCVE
added 2025/05/23 7:48 a.m.

CVE-2024-20532

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5, AI score 6.8, EPSS 0.00545
Exploits 0, References 1
RedhatCVE
added 2025/05/23 7:48 a.m.

CVE-2024-20527

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5, AI score 6.8, EPSS 0.00526
Exploits 0, References 1
RedhatCVE
added 2025/05/23 5:18 a.m.

CVE-2023-30799

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...

CVSS 9.1, AI score 8.3, EPSS 0.01313
Exploits 0, References 1
RedhatCVE
added 2025/05/23 4:04 a.m.

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...

CVSS 7.5, AI score 6.4, EPSS 0.00892
Exploits 4
RedhatCVE
added 2025/05/23 4:01 a.m.

CVE-2023-36651

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...

CVSS 7.2, AI score 7, EPSS 0.00996
Exploits 1
RedhatCVE
added 2025/05/23 2:26 a.m.

CVE-2023-27576

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...

CVSS 6.7, AI score 7, EPSS 0.00343
Exploits 1, References 1
RedhatCVE
added 2025/05/23 12:18 a.m.

CVE-2022-45857

An incorrect user management vulnerability (CWE-286) in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...

CVSS 7.5, AI score 7, EPSS 0.00305
Exploits 0, References 1
RedhatCVE
added 2025/05/22 8:38 p.m.

CVE-2021-27963

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header...

CVSS 8.2, AI score 7.2, EPSS 0.02446
Exploits 2, References 1
RedhatCVE
added 2025/05/22 4:10 p.m.

CVE-2020-23722

An issue was discovered in FUEL CMS 1.4.7. There is an escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuelid" parameters...

CVSS 8.8, AI score 7.1, EPSS 0.01001
Exploits 1
RedhatCVE
added 2025/05/22 8:33 a.m.

CVE-2019-12764

An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non-Super-Admin users...

CVSS 6.5, AI score 6.8, EPSS 0.01101
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:44 a.m.

CVE-2010-5296

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...

CVSS 4.9, AI score 6.5, EPSS 0.01693
Exploits 1, References 1
Tenable Nessus
added 2025/04/17 12:00 a.m.

FortiOS 7.0.x < 7.0.16 Authentication Bypass

FortiOS version 7.0.x prior to 7.0.16 and FortiProxy version 7.0.x prior to 7.0.19 or 7.2.x prior to 7.2.12 are affected by a vulnerability that allows a remote attacker to gain super-admin privileges via specific crafted requests. No source data...

CVSS 9.8, AI score 7.5, EPSS 0.07243
Exploits 1, References 2
Cvelist
added 2025/04/08 2:02 p.m.

CVE-2024-54024

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests...

CVSS 7.2, EPSS 0.01069
Exploits 0, References 1
CVE
added 2025/04/08 2:02 p.m.

CVE-2024-54024

CVE-2024-54024 affects Fortinet FortiIsolator prior to 2.4.6, due to improper neutralization of special elements in OS commands (OS Command Injection). A privileged attacker with a super-admin profile and CLI access can execute unauthorized code via specially crafted HTTP requests. Affected compo...

CVSS 7.2, AI score 7.6, EPSS 0.01069
Exploits 0, References 1, Affected Software 1
OSV
added 2025/04/03 2:15 p.m.

BIT-JOOMLA-2023-23751 [20230102] - Core - Missing ACL checks for com_actionlogs

An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non-super-admin users to access com_actionlogs...

CVSS 4.3, AI score 4.8, EPSS 0.00444
Exploits 0, References 2