179 matches found

EUVD
added 5 days ago | 7 views

EUVD-2025-210337

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

CVSS 9.3 | AI score 6 | EPSS 0.0046
Exploits 1 | References 3

NVD
added 6 days ago | 4 views

CVE-2025-71327

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

CVSS 9.3 | EPSS 0.0046
Exploits 1 | References 2

CVE
added 6 days ago | 16 views

CVE-2025-71327

Flowise has an authentication bypass in the unprotected /api/v1/account/register endpoint. Unauthenticated attackers can register arbitrary accounts and gain full API access without credentials. CVSS metrics are provided (v3.1: 9.1; v4.0: 9.3), indicating a critical impact on confidentiality and ...

CVSS 9.3 | AI score 6 | EPSS 0.0046
Exploits 1 | References 2 | Affected Software 1

Positive Technologies
added 6 days ago | 9 views

PT-2026-52610

Name of the Vulnerable Software and Affected Versions: Flowise (affected versions not specified). Description: An authentication bypass exists due to missing access control and improper authentication enforcement on the registration route. This allows unauthenticated remote attackers to use the...

CVSS 9.3 | AI score 6 | EPSS 0.0046
Exploits 1 | References 4

CVE
added 2026/06/12 9:57 p.m. | 19 views

CVE-2026-53868

Capgo before 12.128.2 contains a denial-of-service vulnerability where attackers can register accounts with arbitrary, unverified emails and then delete them, causing pending deletions that lock legitimate users out for up to 30 days. Root cause: unverified email ownership in account lifecycle op...

CVSS 8.7 | AI score 5.5 | EPSS 0.00258
Exploits 0 | References 2

Vulnrichment
added 2026/06/12 9:57 p.m. | 5 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

CVSS 8.7 | AI score 5.5 | EPSS 0.00258
Exploits 0 | References 2

Cvelist
added 2026/06/12 9:57 p.m. | 26 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

CVSS 8.7 | EPSS 0.00258
Exploits 0 | References 2

EUVD
added 2026/06/04 9:29 a.m. | 9 views

EUVD-2026-34230

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

CVSS 8.8 | AI score 5.8 | EPSS 0.00243
Exploits 0 | References 1

ATTACKERKB
added 2026/06/04 9:29 a.m. | 5 views

CVE-2026-50225

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

CVSS 8.8 | AI score 5.8 | EPSS 0.00243
Exploits 0 | References 2

CNNVD
added 2026/06/04 12:0 a.m. | 6 views

Acer M6E Security Vulnerability

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of a bot mitigation mechanism in the /v1/account/register registration path, which may allow malicious automated syste...

CVSS 9.1 | AI score 5.3 | EPSS 0.00243
Exploits 0 | References 1

Vulnrichment
added 2026/04/30 6:21 p.m. | 5 views

CVE-2026-35514 Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

CVSS 6.5 | AI score 5.7 | EPSS 0.00243
Exploits 0 | References 2

CVE
added 2026/04/30 6:21 p.m. | 12 views

CVE-2026-35514

Vulnerability overview: Chartbrew 4.9.0 contains an unauthenticated account creation bypass via POST /user/invited, which does not validate invite tokens, authentication headers, or sessions. This allows any unauthenticated user to create a fully active account and obtain a valid JWT, even when ...

CVSS 6.5 | AI score 5.4 | EPSS 0.00243
Exploits 0 | References 2

EUVD
added 2026/04/23 7:12 p.m. | 4 views

EUVD-2026-25284

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

CVSS 8.1 | AI score 7.2 | EPSS 0.00334
Exploits 1 | References 1

Cvelist
added 2026/04/23 7:12 p.m. | 32 views

CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

CVSS 8.1 | EPSS 0.00334
Exploits 1 | References 1

Positive Technologies
added 2026/03/11 12:0 a.m. | 7 views

PT-2026-24782

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

CVSS 9.8 | AI score 5.9 | EPSS 0.00638
Exploits 1 | References 7

NVD
added 2026/03/07 5:15 p.m. | 5 views

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...

CVSS 8.8 | EPSS 0.00328
Exploits 1 | References 1

EUVD
added 2026/03/07 6:31 a.m. | 6 views

EUVD-2025-208352

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisperregisterform function not restricting user roles that can be set during registration. This makes it possible...

CVSS 8.8 | AI score 5.7 | EPSS 0.0037
Exploits 0 | References 4

Snyk
added 2026/01/02 7:2 p.m. | 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the account registration endpoint. An attacker can manipulate server-managed fields and associate new accounts with existing...

CVSS 9.8 | AI score 5.8 | EPSS 0.00334
Exploits 1 | References 2

RedhatCVE
added 2025/12/19 7:33 a.m. | 3 views

CVE-2025-49379

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...

CVSS 7.2 | AI score 7 | EPSS 0.0033
Exploits 0 | References 1

EUVD
added 2025/12/18 9:30 a.m. | 6 views

EUVD-2025-204231

Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.2...

CVSS 7.2 | AI score 6.5 | EPSS 0.0033
Exploits 0 | References 2