48 matches found
CVE-2026-9803
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...
GitHub Enterprise Server 访问控制错误漏洞
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was an access control...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the SUSE Virtualization Harvester Rancher integration mechanism. An attacker can intercept sensitive information and cause a crash of the registration controller by exploiting insecure TLS certificate...
CVE-2026-7780
A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udmstateoperational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The...
EUVD-2026-27100
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog,...
GHSA-F6X8-65Q6-J9M9 n8n has Open Redirect in MCP OAuth Consent Flow
Impact The /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirecturi values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirecturi without validation,...
PT-2026-36906
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description The MCP OAuth client registration endpoint accepts unauthenticated requests and stores client data without adequate resource controls. A remot...
Flowise 安全漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from an improper bulk assignment vulnerability in the account registration endpoint, allowing...
PT-2026-30625
Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint /api/trpc/user.register is vulnerable to a race condition that allows an attacker to create multiple user accounts from a single-use invite token. The registration flow performs three sequential database operation...
CVE-2026-32132
CVE-2026-32132 (ZITADEL) affects Zitadel identity management platform prior to versions 3.4.8 and 4.12.2. The vulnerability lies in the passkey registration endpoint, where an improper expiration check of a retrieved code could allow an attacker to register their own passkey and gain access to th...
CVE-2025-13851
The Buyent Classified plugin for WordPress bundled with Buyent theme is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role during registration via the REST API endpoint. This...
CVE-2025-14583
CVE-2025-14583 affects CampCodes Online Student Enrollment System v1.0 in the /admin/register.php handler where manipulating the photo parameter enables unrestricted file upload. This remote vulnerability can be exploited without authentication and is accompanied by published exploit guidance. Re...
CVE-2025-9315
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
CVE-2025-9315
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
EUVD-2025-202406
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
CVE-2025-9315 Unauthenticated Device Registration Vulnerability in MXsecurity Series
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
CVE-2025-9315
The CVE-2025-9315 issue affects the MXsecurity Series and stems from Improperly Controlled Modification of Dynamically-Determined Object Attributes. An unauthenticated remote attacker can send a crafted JSON payload to the device registration endpoint /api/v1/devices/register to register unauthor...
CVE-2025-9315 Unauthenticated Device Registration Vulnerability in MXsecurity Series
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
PT-2025-50311
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
CVE-2025-64066
Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. The endpoint fails to implement any authorization checks, allowing unauthenticated attackers to perform POST requests to register new user accounts in the application's local database...