CVE-2026-50225

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

EUVD-2026-34230

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

CVE-2026-35514

Vulnerability overview : Chartbrew 4.9.0 contains an unauthenticated account creation bypass via POST /user/invited, which does not validate invite tokens, authentication headers, or sessions. This allows any unauthenticated user to create a fully active account and obtain a valid JWT, even when ...

CVE-2026-35514 Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

EUVD-2026-25284

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

PT-2026-24782

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

EUVD-2025-208352

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisperregisterform function not restricting user roles that can be set during registration. This makes it possible...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the account registration endpoint. An attacker can manipulate server-managed fields and associate new accounts with existing...

CVE-2025-49379

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...

EUVD-2025-204231

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...

CVE-2025-49379 WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...

PT-2025-52015

Name of the Vulnerable Software and Affected Versions Custom Fields Account Registration For Woocommerce versions n/a through 1.2 Description A flaw exists in Custom Fields Account Registration For Woocommerce that allows for privilege escalation due to incorrect privilege assignment. This issue...

WordPress plugin Custom Fields Account Registration For Woocommerce 安全漏洞

...

CVE-2025-12093

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

PT-2025-49223

The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...

WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Custom Fields Account Registration For Woocommerce versions = 1.2...

CVE-2025-61118

mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...

mCarFix Motorists App 安全漏洞

The mCarFix Motorists App is a comprehensive service application for motorists from mCarFix Kenya. A security vulnerability exists in version 2.3 of the mCarFix Motorists App, which stems from improper access control and could allow an attacker to bypass authentication to register an account at...