CVE-2026-50244

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

CVE-2026-50244

CVE-2026-50244 affects the Naxclow IoT Platform. The registration endpoint accepts signed requests with a batch prefix and a caller-supplied account identifier without ownership validation, allowing an attacker to mint new sequential device identifiers and read the batch’s current high-water coun...

PT-2026-48959

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

CVE-2026-25654

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3. Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the...

CVE-2026-26368

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user UGUSER to reset the password of arbitrary accounts, including those in the UGADMIN and UGSUPERADMIN groups, without...

📄 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion

The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce proper role-based access...

CVE-2025-12879

CVE-2025-12879 : WordPress plugin “User Generator and Importer” (

CVE-2025-63952

A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVE-2025-63952

A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVE-2025-63953

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVE-2025-56219

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service DoS when an excessively large number of user accounts are created...

EUVD-2019-7995

Malware in sbrugna...

EUVD-2019-17737

Malware in sbrugna...

EUVD-2014-2086

Malware in sbrugna...

SICK AG Enterprise Analytics 安全漏洞

SICK AG Enterprise Analytics is a package analysis software from SICK AG, Germany. A security vulnerability exists in SICK AG Enterprise Analytics that stems from a lack of a quota and checking mechanism that could lead to the arbitrary creation of user accounts...

EUVD-2022-49295

Malicious code in bioql PyPI...

EUVD-2025-13565

Malicious code in bioql PyPI...

EUVD-2025-8106

Malicious code in bioql PyPI...

EUVD-2025-26603

Malicious code in bioql PyPI...

CVE-2025-56689

One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password OTP/Multifactor Authentication MFA bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying th...