Lucene search
K

23 matches found

NVD
NVD
added 2026/02/07 12:15 a.m.6 views

CVE-2020-37106

Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...

5.3CVSS0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 11:14 p.m.32 views

CVE-2020-37106 Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)

Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...

5.3CVSS0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 11:14 p.m.10 views

CVE-2020-37106

The CVE-2020-37106 issue affects Business Live Chat Software 1.0 and is described as a cross-site request forgery (CSRF) vulnerability. A remote attacker can craft a malicious HTML form that sends a POST to the user creation endpoint with administrative access parameters to change user account ro...

5.3CVSS5.2AI score0.00181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 11:14 p.m.4 views

CVE-2020-37106

Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...

5.3CVSS5.2AI score0.00181EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6814

Name of the Vulnerable Software and Affected Versions Business Live Chat Software version 1.0 Description The software contains a cross-site request forgery condition that permits attackers to alter user account roles without needing to authenticate. An attacker can create a malicious HTML form t...

5.3CVSS5.3AI score0.00181EPSS
Exploits0References5
Snyk
Snyk
added 2025/11/26 7:33 p.m.4 views

Incorrect Authorization

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

9.1CVSS6.9AI score0.00269EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/11/26 7:33 p.m.6 views

OneUptime Unauthorized User Creation via API

Summary A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. PoC A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully. Impact This allows attacke...

8.8CVSS6.8AI score0.00269EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-6873

Malicious code in bioql PyPI...

7.3CVSS6.9AI score0.00525EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19425

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.03516EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2025/08/21 2:26 p.m.9 views

UnoPim vulnerable to remote code execution through Arbitrary File upload

Summary: Affected Functionality: Image upload at User creation Endpoint: /admin/settings/users/create Details The image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy lik...

8.8CVSS6AI score0.00446EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/08/21 2:25 p.m.5 views

GHSA-XR97-25V7-HC2Q UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality

Summary Affected Functionality: User creation Endpoint: /admin/settings/users/create Details https://github.com/unopim/unopim/blob/a0dc81947a59ada69e19e1e4313dd591d4e277b4/packages/Webkul/Core/src/Traits/Sanitizer.phpL9-L19 See the mimetype is checked for validation. Mime-type is usually identifi...

6.8CVSS6.2AI score0.00345EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/06/29 8:1 p.m.15 views

CVE-2025-6775

A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...

6.5CVSS7AI score0.03516EPSS
Exploits1References1
NVD
NVD
added 2025/06/27 8:15 p.m.10 views

CVE-2025-6775

A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...

9.8CVSS0.03516EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/06/27 8:0 p.m.7 views

CVE-2025-6775 xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection

A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...

6.5CVSS7.9AI score0.03516EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/06/27 8:0 p.m.17 views

CVE-2025-6775 xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection

A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...

6.5CVSS0.03516EPSS
Exploits1References7
OSV
OSV
added 2025/06/27 8:0 p.m.6 views

CVE-2025-6775 xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection

A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...

5.3CVSS6.1AI score0.03516EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/22 9:25 p.m.8 views

CVE-2021-38617

In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation...

8.8CVSS7AI score0.01413EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/05/02 6:31 p.m.12 views

Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor

A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgradi...

7.5CVSS6.8AI score0.01813EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/02 3:31 p.m.17 views

CVE-2025-4210 Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization

A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgradi...

7.5CVSS7.3AI score0.01813EPSS
Exploits0References5
CVE
CVE
added 2025/05/02 3:31 p.m.62 views

CVE-2025-4210

Casdoor SCIM User Creation Endpoint (controller: SCIM.go HandleScim) up to version 1.811.0 contains an authorization bypass caused by manipulation in HandleScim. This allows remote attackers to bypass authorization. A fix is available in version 1.812.0, with patch hash 3d12ac8dc2282369296c338681...

7.5CVSS7.3AI score0.01813EPSS
In wildExploits0References5
Rows per page
Query Builder