Lucene search
K

1397 matches found

Nuclei
Nuclei
added yesterday291 views

WSO2 User Registration - Arbitrary Account Creation

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...

4.3CVSS6.1AI score0.00606EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday35 views

Blinko <= 1.8.3 - User Information Leak

Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...

6.9CVSS6.1AI score0.00711EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-39508

File Browser: Authentication Bypass via Proxy Auth Header Forgery...

9.1CVSS6.1AI score0.00337EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-56312 Capgo - Account Creation Before CAPTCHA Validation in accept_invitation Endpoint

Capgo before 12.128.2 contains an improper validation vulnerability in the acceptinvitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn...

6.9CVSS0.00275EPSS
Exploits0References2
CVE
CVE
added 2 days ago7 views

CVE-2026-56312

Capgo before 12.128.2 is affected by an improper validation vulnerability in the accept_invitation endpoint. The issue allows bypassing captcha validation to create user accounts, potentially wasting invite links and enabling unauthorized account creation. Affected product/version: Capgo prior to...

6.9CVSS6.1AI score0.00275EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/02 3:37 p.m.7 views

CVE-2026-37106

A flaw was found in DokuWiki. A remote attacker can create an account through the registration function. This occurs when the DokuWiki instance is configured to allow self-registration, which is not the default setting. This could lead to the creation of unauthorized user accounts. Mitigation To...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-415 MLflow authentication requirement bypass can allow a user to arbitrarily create an account

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement...

9.1CVSS7.3AI score0.01157EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:41 p.m.7 views

CVE-2025-71327

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

9.3CVSS6AI score0.0046EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/06/25 7:16 p.m.12 views

CVE-2026-54089

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS0.00337EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:46 p.m.7 views

CVE-2026-54089

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/25 5:46 p.m.12 views

CVE-2026-54089

CVE-2026-54089 impacts File Browser when configured with proxy authentication (auth.method=proxy). The issue allows an unauthenticated attacker who can reach the server to impersonate any user—including an administrator—by sending a single forged HTTP header. No credentials are required. Addition...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52537

Name of the Vulnerable Software and Affected Versions File Browser versions 2.0.0-rc.1 and later Description When configured with proxy authentication auth.method=proxy, the software improperly trusts upstream identity headers without validating that requests originate from a trusted proxy. An...

9.1CVSS5.7AI score0.00337EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.11 views

CVE-2026-25119

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS0.00864EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:7 p.m.7 views

CVE-2026-25119

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS6AI score0.00864EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/24 8:7 p.m.23 views

CVE-2026-25119 Gogs: Authentication Bypass via Unvalidated Reverse Proxy Headers

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS0.00864EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/22 5:9 p.m.8 views

Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers

Summary When ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can reach the Gogs service can for...

8.7CVSS6AI score0.00864EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/22 2:17 p.m.12 views

CVE-2026-7167

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:50 p.m.8 views

EUVD-2026-38237

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References1
Rows per page
Query Builder