BIT-AUTHENTIK-2022-46145 authentik vulnerable to unauthorized user creation and potential account takeover

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

CVE-2015-20117 RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and...

CVE-2015-20117

The CVE-2015-20117 entry concerns RealtyScript 4.0.2 from Next Click Ventures. A cross-site request forgery vulnerability allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting requests to /admin/addusers.php and /admin/editadmins.php, enabling ...

CVE-2023-40918

KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role...

Palantir Control Panel 安全漏洞

Palantir Control Panel is a centralized management console from Palantir USA. A security vulnerability exists in Palantir Control Panel that stems from a lack of organizational access checks that could lead to unauthorized user creation...

KeeneticOS 安全漏洞

KeeneticOS is an operating system from the German company Keenetic. A security vulnerability exists in KeeneticOS versions prior to 4.3, which stems from the presence of CRLF injection in the /auth API endpoint, which could lead to an attacker taking over the device by adding additional users wit...

CVE-2025-56009

CVE-2025-56009 affects KeeneticOS prior to 4.3. A CSRF flaw at the /rci API endpoint lets an attacker cause a victim to add a new user with full permissions, effectively allowing device takeover. The CVE description and Red Hat/CNNVD/CVE records confirm the vulnerability path is the /rci API, wit...

CVE-2025-54603

An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...

EUVD-2025-34434

An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...

CVE-2025-54603

An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...

CVE-2025-54603

The CVE-2025-54603 entry affects Claroty Secure Access versions 3.3.0 through 4.0.2. The root cause is an incorrect OIDC authentication flow, which can enable unauthorized user creation or impersonation of existing OIDC users. The vulnerability is described with network attack surface and a low t...

CVE-2025-54603

An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...

CVE-2025-54603

An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...

EUVD-2019-5660

Malware in sbrugna...

EUVD-2024-53574

Malicious code in bioql PyPI...

EUVD-2024-27856

Malicious code in bioql PyPI...

EUVD-2024-35336

Malicious code in bioql PyPI...

EUVD-2023-34028

Malicious code in bioql PyPI...

Exploit for Improper Input Validation in Joomla Joomla\!

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明：目前来看，本项目会进行长期维护，有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz - Discuz＜3.4birthprovince前台任意文件删除 DedeCMS - DedeCMSv5.7shopsdelivery存储型XSS - DedeCMSv5.7carbuyaction存储型XSS - DedeCMSv5.7友情链接CSRFGetShell - DedeCMS V5.7 SP2后台存在代码执行漏洞 Drupal -...

CVE-2024-7097

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper...