CVE-2026-25654
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...
CVE-2026-26368
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UGUSER) to reset the password of arbitrary accounts, including those in the UGADMIN and UGSUPERADMIN groups, without...
📄 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion
The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UGUSER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce proper role-based access...
CVE-2025-12879
CVE-2025-12879 : WordPress plugin “User Generator and Importer” (
CVE-2025-63952
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
CVE-2025-63953
A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
CVE-2025-56219
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created...
EUVD-2014-2086
Malware in sbrugna...
EUVD-2019-7995
Malware in sbrugna...
EUVD-2019-17737
Malware in sbrugna...
SICK AG Enterprise Analytics security vulnerability
SICK AG Enterprise Analytics is a package analysis software from SICK AG, Germany. A security vulnerability exists in SICK AG Enterprise Analytics that stems from a lack of a quota and checking mechanism that could lead to the arbitrary creation of user accounts...
EUVD-2025-13565
Malicious code in bioql PyPI...
EUVD-2022-49295
Malicious code in bioql PyPI...
EUVD-2025-26603
Malicious code in bioql PyPI...
EUVD-2025-8106
Malicious code in bioql PyPI...
CVE-2025-56689
One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying th...
CVE-2025-49652
The CVE covers Lablup’s BackendAI, where the registration feature lacks authentication, allowing arbitrary users to create accounts and access private data even when registration is disabled. Concrete impact stated across sources: unauthorized account creation with high/critical severity (CVSS 3....
CVE-2025-49652 Improper access control allows arbitrary account creation
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2022-43340
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1SCUTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users...