Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accounts vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33982
Bramble Handshake Protocol (BHP) in Briar prior to 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that ...
Briarproject Briar
615
VMScore
CVE-2022-21859
Windows Accounts Control Elevation of Privilege Vulnerability
Microsoft Windows 10 -
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows 8.1 -
Microsoft Windows 7 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows 10 1909
Microsoft Windows 10 20h2
Microsoft Windows 10 21h1
Microsoft Windows Server 20h2
Microsoft Windows Server 2022
Microsoft Windows 10 21h2
NA
CVE-2023-23412
Windows Accounts Picture Elevation of Privilege Vulnerability
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 22h2
Microsoft Windows 10 1607
Microsoft Windows 10 21h2
Microsoft Windows 10 20h2
Microsoft Windows 10 1809
Microsoft Windows 10 1507
NA
CVE-2022-46172
authentik is an open-source Identity provider focused on flexibility and versatility. In versions before 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it...
Goauthentik Authentik
578
VMScore
CVE-2022-1049
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
Clusterlabs Pcs
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-46145
authentik is an open-source identity provider. Versions before 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for...
Goauthentik Authentik
NA
CVE-2023-27310
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote malicious user to assign...
Siemens Ruggedcom Crossbow
445
VMScore
CVE-2018-7248
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or ...
Zohocorp Manageengine Servicedesk Plus 9.3
570
VMScore
CVE-2006-0632
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote malicious users to obtain the key and mo...
Phpbb Group Phpbb 2.0.0
Phpbb Group Phpbb 2.0.15
Phpbb Group Phpbb 2.0.16
Phpbb Group Phpbb 2.0.6
Phpbb Group Phpbb 2.0.6c
Phpbb Group Phpbb 2.0 Beta1
Phpbb Group Phpbb 2.0 Rc1
Phpbb Group Phpbb 2.0.13
Phpbb Group Phpbb 2.0.14
Phpbb Group Phpbb 2.0.4
Phpbb Group Phpbb 2.0.5
Phpbb Group Phpbb 2.0.8a
Phpbb Group Phpbb 2.0.9
Phpbb Group Phpbb 2.0.1
Phpbb Group Phpbb 2.0.10
Phpbb Group Phpbb 2.0.17
Phpbb Group Phpbb 2.0.18
Phpbb Group Phpbb 2.0.6d
Phpbb Group Phpbb 2.0.7
Phpbb Group Phpbb 2.0 Rc2
Phpbb Group Phpbb 2.0 Rc3
Phpbb Group Phpbb 2.0.11
755
VMScore
CVE-2008-6553
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote malicious users to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a dele...
Impliedbydesign Micro-cms
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »