Lucene search
K

231 matches found

Snyk
Snyk
added 2026/02/19 8:31 p.m.7 views

Incorrect Privilege Assignment

Overview getformwork/formwork is an a file-based Content Management System CMS to make and manage simple sites. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to insufficient privilege checks in the create user function. An attacker can gain unauthorized...

8.8CVSS5.6AI score0.00415EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.6 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 9:22 p.m.5 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/17 8:45 p.m.4 views

CVE-2026-23595 Unauthenticated Authentication Bypass in application API allows unauthorized administrative account creation

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.8 views

WordPress plugin LatePoint 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.7 views

AlmaLinux 10 : keylime (ALSA-2026:2225)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:2225 advisory. keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 Tenable has...

9.8CVSS5.9AI score0.05431EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 11:14 p.m.10 views

CVE-2020-37106

The CVE-2020-37106 issue affects Business Live Chat Software 1.0 and is described as a cross-site request forgery (CSRF) vulnerability. A remote attacker can craft a malicious HTML form that sends a POST to the user creation endpoint with administrative access parameters to change user account ro...

5.3CVSS5.2AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.6 views

PT-2026-6818

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.7 Description AMSS++ 4.7 has a flaw that permits unauthorized access to administrative accounts. This is due to the use of hardcoded credentials, specifically the default username 'admin' and password '1234'. Successful...

9.3CVSS5.4AI score0.00428EPSS
Exploits1References4
NVD
NVD
added 2026/02/05 5:16 p.m.7 views

CVE-2020-37145

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...

5.1CVSS0.00156EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.5 views

CVE-2020-37145 HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...

5.1CVSS5.2AI score0.00156EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/05 4:13 p.m.5 views

EUVD-2020-31039

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...

5.1CVSS5.2AI score0.00156EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/05 4:13 p.m.27 views

CVE-2020-37145 HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...

5.1CVSS0.00156EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:13 p.m.4 views

CVE-2020-37144

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without...

5.3CVSS5.1AI score0.00175EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/02/05 4:13 p.m.8 views

EUVD-2020-31038

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without...

5.3CVSS5.2AI score0.00175EPSS
Exploits0References4
CVE
CVE
added 2026/02/05 4:13 p.m.12 views

CVE-2020-37144

CVE-2020-37144 affects Exagate SYSGuard 6001. The root cause is a cross-site request forgery that lets an attacker trick a user into submitting a crafted HTML form to /kulyon.php, resulting in the creation of an unauthorized admin account. Affected product/version explicitly named in multiple sou...

5.3CVSS5.2AI score0.00175EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.10 views

PT-2026-6587

Name of the Vulnerable Software and Affected Versions HRSALE version 1.1.8 Description HRSALE version 1.1.8 is susceptible to a cross-site request forgery condition. This allows attackers to add unauthorized administrative users via the employee registration form. An attacker can create a malicio...

5.1CVSS5.2AI score0.00156EPSS
Exploits0References5
NVD
NVD
added 2026/01/30 11:16 p.m.7 views

CVE-2020-37046

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative...

5.3CVSS0.00179EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.2 views

CVE-2020-37046 Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative...

5.3CVSS5.2AI score0.00179EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.25 views

CVE-2020-37046 Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative...

5.3CVSS0.00179EPSS
Exploits0References4
CVE
CVE
added 2026/01/30 10:7 p.m.15 views

CVE-2020-37046

The Vuln is CSRF in Sistem Informasi Pengumuman Kelulusan Online 1.0, exploitable via the tambahuser.php endpoint to add unauthorized admin accounts. The issue allows craftable HTML forms to submit admin credentials without victim consent. Concrete details across connected records identify the vu...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References4
Rows per page
Query Builder