Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accounts vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2019-2386
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versi...
Mongodb Mongodb
5
CVSSv2
CVE-2021-1486
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote malicious user to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to...
Cisco Sd-wan Vmanage
Cisco Catalyst Sd-wan Manager
4.3
CVSSv2
CVE-2022-0564
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote malicious user to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the malicious user t...
Qlik Qlik Sense
NA
CVE-2023-3460
The Ultimate Member WordPress plugin prior to 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing malicious users to create administrator accounts at will. This is actively being exploited in the wild.
Ultimatemember Ultimate Member
9 Github repositories
5.5
CVSSv2
CVE-2007-3602
The SOAP webservice in vtiger CRM prior to 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
Vtiger Vtiger Crm
5
CVSSv2
CVE-2021-41807
Lack of rate limiting in M-Files Server and M-Files Web products with versions prior to 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
M-files M-files Server
M-files M-files Web
7.5
CVSSv2
CVE-2019-3758
RSA Archer, versions before 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.
Rsa Archer
NA
CVE-2023-33791
A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Netbox Netbox 3.5.1
9
CVSSv2
CVE-2017-18373
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password...
Billion 5200w-t Firmware 7.3.8.0
7.5
CVSSv2
CVE-2002-1092
Cisco VPN 3000 Concentrator 3.6(Rel) and previous versions, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
Cisco Vpn 3000 Concentrator Series Software
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »