Lucene search
K

1314 matches found

CVE
CVE
added 2026/05/16 3:25 p.m.15 views

CVE-2020-37240

CVE-2020-37240 affects Queue Management System 4.0.0 with a stored XSS flaw in the Add User workflow. Authenticated administrators can inject JavaScript via First Name, Last Name, or Email during user creation, with payloads executing on the User List page. CVSS-4.0 vector yields 5.1 (MEDIUM), an...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.11 views

CVE-2020-37240 Queue Management System 4.0.0 Stored XSS via Add User

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/16 2:50 a.m.180 views

Exploit for CVE-2026-8181

CVE-2026-8181 - Burst Statistics Authentication Bypass Exploit...

9.8CVSS5.8AI score0.14608EPSS
Exploits10
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.9 views

CodeKernel Token - Queue Management System 跨站脚本漏洞

CodeKernel Token - Queue Management System is a Laravel-based queueing and customer waiting list management system developed by CodeKernel. Version 4.0.0 of CodeKernel Token - Queue Management System contains a cross-site scripting vulnerability. This vulnerability stems from storage-type...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.18 views

PT-2026-41440

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 10:16 p.m.14 views

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.5CVSS0.00266EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/07 9:14 p.m.12 views

CVE-2026-6736

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/05 9:29 p.m.6 views

Improper Enforcement of a Single, Unique Action

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Enforcement of a Single, Unique Action through the user creation process. An attacker can remove administrative privileges and disrup...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/24 8:39 p.m.8 views

Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to create pages, files or users pages.create, files.create or users.create permission is disabled. This can be due to configuration in the user blueprints, via options in the model blueprints or v...

8.8CVSS5.3AI score0.00363EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 12:38 a.m.4 views

CVE-2026-41325

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

7.1CVSS5.6AI score0.00363EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/24 12:38 a.m.32 views

CVE-2026-41325 Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

7.1CVSS0.00363EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.24 views

Cisco IOS XE Software Lobby Ambassador Privilege Escalation (cisco-sa-iosxe-lobby-privesc-KwxBqJy)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would...

5.4CVSS8.8AI score0.00284EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 11:35 p.m.8 views

BIT-AUTHENTIK-2022-46145 authentik vulnerable to unauthorized user creation and potential account takeover

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

9.8CVSS7.3AI score0.01177EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/15 3:17 p.m.4 views

CVE-2026-20202 Improper Input Validation during User Account Creation in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability editusercould create a special...

6.6CVSS5.8AI score0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:55 p.m.3 views

CVE-2025-57853

A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

6.4CVSS6.1AI score0.00158EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/08 1:55 p.m.5 views

CVE-2025-57851

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.7CVSS6.1AI score0.00113EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 2:11 p.m.5 views

CVE-2026-5378 runZero Platform user creation leak

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

5.8CVSS5.8AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 2:11 p.m.20 views

CVE-2026-5378 runZero Platform user creation leak

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

5.8CVSS0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 2:11 p.m.19 views

CVE-2026-5378

The CVE-2026-5378 issue affects the runZero Platform. Affected component: user management functionality in the RunZero platform. Description indicates an Incorrect Authorization flaw that allowed administrators to create and update users outside of their authorized organization scope. Root cause ...

6.8CVSS5.8AI score0.00191EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/04 9:30 p.m.6 views

EUVD-2016-10873

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

5.3CVSS5.9AI score0.00106EPSS
Exploits1References2
Rows per page
Query Builder