90 matches found

Nuclei
added yesterday | 34 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

CVSS 7.5 | AI score 7.4 | EPSS 0.02572
Exploits: 0 | References: 2
Nuclei
added yesterday | 13 views

Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. id: CVE-2020-13125 info...

CVSS 9.9 | AI score 7.3 | EPSS 0.08565
Exploits: 1 | References: 2
NVD
added 2026/06/04 5:16 p.m. | 10 views

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

CVSS 9.1 | EPSS 0.0052
Exploits: 0 | References: 2
OSV
added 2026/05/19 9:31 a.m. | 4 views

GHSA-G8VR-X4QH-25QG Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS 4.3 | AI score 5.7 | EPSS 0.00349
Exploits: 0 | References: 10
Positive Technologies
added 2026/05/14 12:0 a.m. | 5 views

PT-2026-40894

Name of the Vulnerable Software and Affected Versions: User Registration & Membership plugin for WordPress versions prior to 5.1.6. Description: An issue exists where the is admin creation process function relies exclusively on the presence of the action=createuser parameter within the $_REQUEST...

CVSS 5.3 | AI score 5.8 | EPSS 0.00322
Exploits: 1 | References: 4
CVE
added 2026/05/04 6:28 p.m. | 26 views

CVE-2026-42230

Affected software: n8n open source workflow automation platform. Vulnerability: Open redirect via the MCP OAuth flow. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint allowed unauthenticated OAuth client registrations, enabling arbitrary redirect_uri values. If a u...

CVSS 6.1 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/03/04 12:0 a.m. | 5 views

PT-2026-23106

Name of the Vulnerable Software and Affected Versions: ZITADEL versions 4.0.0 through 4.12.0. Description: ZITADEL, an open source identity management platform, had a flaw in its login V2 UI. This allowed users to circumvent login behavior and security policies, enabling self-registration of new...

CVSS 9.9 | AI score 5.8 | EPSS 0.22162
Exploits: 68 | References: 140
OSV
added 2026/02/27 7:54 p.m. | 7 views

CVE-2026-27836 phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited us...

CVSS 7.5 | AI score 5.9 | EPSS 0.0041
Exploits: 1 | References: 4
Cvelist
added 2026/02/18 10:20 a.m. | 27 views

CVE-2025-14444 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. This is...

CVSS 5.3 | EPSS 0.00216
Exploits: 0 | References: 5
Vulnrichment
added 2026/02/18 10:20 a.m. | 2 views

CVE-2025-14444 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. This is...

CVSS 5.3 | AI score 5.7 | EPSS 0.00216
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : keylime-6.5.2-6.el9.ML.1 (AXSA:2023-6400:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6400:04 advisory.
- keylime: registrar is subject to a DoS against SSL connections (CVE-2023-38200)
- Keylime: challenge-response protocol bypass during agent registration...

CVSS 7.5 | AI score 5.7 | EPSS 0.01142
Exploits: 0 | References: 3
EUVD
added 2025/11/08 6:30 a.m. | 2 views

EUVD-2025-38358

The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...

CVSS 5.3 | AI score 5.5 | EPSS 0.00196
Exploits: 0 | References: 3
RedhatCVE
added 2025/10/31 12:13 a.m. | 4 views

CVE-2025-61118

mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...

CVSS 7.5 | AI score 7.1 | EPSS 0.00256
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/30 12:0 a.m. | 3 views

CVE-2025-61118

mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...

AI score 6.7 | EPSS 0.00256
Exploits: 0 | References: 1
CVE
added 2025/10/30 12:0 a.m. | 10 views

CVE-2025-61118

The CVE-2025-61118 entry concerns the mCarFix Motorists App (version 2.3, package com.skytop.mcarfix). Reports across multiple sources describe improper access control that enables bypassing verification to register accounts and, by manipulating sequential numeric IDs, unauthorized access to user...

CVSS 7.5 | AI score 6.7 | EPSS 0.00256
Exploits: 0 | References: 1
CNVD
added 2025/10/24 12:0 a.m. | 2 views

WordPress Plugin Academy LMS Elevation of Privilege Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress plugin Academy LMS due to the...

CVSS 8.1 | AI score 6.8 | EPSS 0.00336
Exploits: 0 | References: 1
Cvelist
added 2025/10/18 6:42 a.m. | 8 views

CVE-2025-11517 Event Tickets and Registration <= 5.26.5 - Unauthenticated Ticket Payment Bypass

The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be free allowing the user to bypass the payment...

CVSS 7.5 | EPSS 0.0037
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-12980

Malware in sbrugna...

CVSS 8.1 | AI score 8.2 | EPSS 0.0118
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-3093

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.0118
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-33417

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 8.7 | EPSS 0.00563
Exploits: 0 | References: 2