Lucene search
K

15 matches found

EUVD
EUVD
added 2026/05/13 6:30 p.m.12 views

EUVD-2020-31218

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=adduser endpoint with POST requests...

5.1CVSS5.7AI score0.0014EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:22 p.m.9 views

CVE-2020-37217

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=adduser endpoint with POST requests...

5.1CVSS5.7AI score0.0014EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40618

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add user endpoint with POST requests...

5.1CVSS5.7AI score0.0014EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.11 views

Precurio Intranet Portal 代码问题漏洞

Precurio Intranet Portal is a document management portal system developed by the American company Precurio. Version 2.0 of Precurio Intranet Portal has a code vulnerability. This vulnerability stems from the /public/admin/user/submitnew endpoint, where cross-site request forgery exists, potential...

5.3CVSS5.8AI score0.00217EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.6 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 9:22 p.m.5 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS0.00299EPSS
Exploits0References1
NVD
NVD
added 2026/01/30 11:16 p.m.6 views

CVE-2020-37046

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative...

5.3CVSS0.00179EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/10/24 6:38 a.m.189 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

LetsDefend-SOC235-Atlassian-Confluence-Broken-Access-Control-0...

10CVSS7.8AI score0.99156EPSS
Exploits39
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53610

Malicious code in bioql PyPI...

4.5CVSS6.5AI score0.00476EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/02/08 6:49 a.m.22 views

CVE-2024-57523

Cross Site Request Forgery CSRF in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user...

4.5CVSS6.7AI score0.00476EPSS
Exploits2References1
CVE
CVE
added 2025/02/06 12:0 a.m.57 views

CVE-2024-57523

CVE-2024-57523 corresponds to a CSRF vulnerability in the Users.php endpoint of SourceCodester Packers and Movers Management System 1.0. Exploitation requires an authenticated admin user to visit a crafted page, enabling attackers to create unauthorized admin accounts (privilege escalation) with ...

4.5CVSS6.8AI score0.00476EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/06 12:0 a.m.9 views

CVE-2024-57523

Cross Site Request Forgery CSRF in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user...

4.7AI score0.00476EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2025/01/15 6:56 p.m.221 views

Exploit for Cross-Site Request Forgery (CSRF) in Oretnom23 Packers_And_Movers_Management_System

CVE-2024-57523 - CSRF Vulnerability in Users.php - SourceCodes...

4.5CVSS6.9AI score0.00476EPSS
Exploits2
OSV
OSV
added 2023/10/04 2:15 p.m.5 views

CVE-2023-22515

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access...

9.8CVSS5.5AI score0.99156EPSS
Exploits39References5
Prion
Prion
added 2020/03/10 8:15 p.m.14 views

Design/Logic Flaw

A vulnerability has been identified in SIPORT MP All versions 3.1.4. Vulnerable versions of the device allow the creation of special accounts "service users" with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of...

5.5CVSS6.2AI score0.0116EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder