Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
β€’added 2026/03/15 6:34 p.m.β€’2 views

CVE-2015-20117 RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and...

6.9CVSS5.8AI score0.00195EPSS
Exploits1References3
NVD
NVD
β€’added 2026/02/27 8:21 p.m.β€’9 views

CVE-2026-27836

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited us...

7.5CVSS0.0041EPSS
Exploits1References2
Packet Storm
Packet Storm
β€’added 2025/11/27 12:0 a.m.β€’169 views

πŸ“„ FortiWeb 8.0.1 Authentication Bypass

A critical authentication bypass vulnerability exists in FortiWeb web application firewalls that allows unauthenticated attackers to create administrative users via path traversal in the API endpoint. Version 8.0.1 is affected...

9.8CVSS7.4AI score0.89177EPSS
Exploits17
GithubExploit
GithubExploit
β€’added 2025/05/23 9:4 p.m.β€’310 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 - CrushFTP User Creation Authentication Bypass...

9.8CVSS9.5AI score0.99963EPSS
Exploits18
OSV
OSV
β€’added 2024/09/04 3:15 a.m.β€’6 views

CVE-2024-7950

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...

9.8CVSS6.3AI score0.01197EPSS
Exploits0References8
GithubExploit
GithubExploit
β€’added 2024/02/11 2:38 p.m.β€’112 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2023-46747 Exploit Script This script exploits the F5 B...

9.8CVSS10AI score0.96515EPSS
Exploits17
Gitee
Gitee
β€’added 2020/11/27 8:6 p.m.β€’5 views

Exploit for Missing Authentication for Critical Function in Sap Netweaver_Application_Server_Java

PoC exploit for CVE-2020-6287, a vulnerability in SAP NetWeaver AS Java. The exploit targets the CTCWebService component, allowing an unauthenticated attacker to add a user with no administrator permission set. The vulnerability is present in the CTCWebServiceBean?wsdl endpoint, which is accessed...

10CVSS9AI score0.94719EPSS
Exploits6
Packet Storm
Packet Storm
β€’added 2020/03/27 12:0 a.m.β€’168 views

ECK Hotel 1.0 Cross Site Request Forgery

Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery Add Admin Product : ECK Hotel Version : 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author: Mustafa Emre GΓΌl Website: https://emregul.com.tr/ Tested...

0.4AI score
Exploits0
Packet Storm
Packet Storm
β€’added 2019/10/18 12:0 a.m.β€’295 views

Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation

Introduction Description A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to create a privileged user on the system using the web application login interface. Vulnerability Type - Argument Injection or Modification...

0.2AI score0.02604EPSS
Exploits3
Rows per page
Query Builder