7 matches found
CVE-2026-1779 User Registration & Membership <= 5.1.2 - Authentication Bypass
The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'registermember' function. This makes it possible for unauthenticated attackers to log in a newly registered user ...
CVE-2026-1779
The vulnerability CVE-2026-1779 affects the WordPress plugin User Registration & Membership (UP to version 5.1.2). The root cause is an incorrect authentication path in the register_member function, enabling unauthenticated attackers to log in a newly registered user who has the urm_user_just_cre...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root group. An attacker can gain elevated privileges by authenticating as a new user through SSH...
Incorrect Privilege Assignment
Overview github.com/ubuntu/authd/internal/users is an authentication daemon for external Broker Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root grou...
CVE-2023-27272
IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system...
CVE-2023-27272
IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system...
CVE-2020-13533
A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs...