Lucene search
+L

80 matches found

EUVD
EUVD
added 2026/07/08 11:30 a.m.6 views

EUVD-2026-42217

The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handlefrontendregister function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and...

6.3CVSS5.8AI score0.00209EPSS
Exploits0References6
CVE
CVE
added 2026/07/08 11:30 a.m.13 views

CVE-2026-14250

The CVE-2026-14250 issue affects the Themehunk Login Registration plugin for WordPress up to version 1.0.2. The root cause is in handle_frontend_register() at the unauthenticated /thlogin/v1/register REST endpoint, which accepts a user-controlled role parameter and validates it only against get_e...

6.3CVSS5.8AI score0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 6:0 a.m.6 views

EUVD-2026-41818

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

8.8CVSS6AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/05 7:0 a.m.34 views

CVE-2026-14719 SourceCodester Onlne Examination & Learning Management System Registration Endpoint register.php privileges management

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...

7.5CVSS0.00288EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 7:0 a.m.21 views

CVE-2026-14719

CVE-2026-14719 describes a privilege-management flaw in SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerable component is the register.php file of the Registration Endpoint. An attacker can manipulate the role parameter to achieve improper privilege management, and th...

7.5CVSS6.7AI score0.00288EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 7:16 p.m.11 views

CVE-2026-58465

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS0.00555EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 5:55 p.m.8 views

EUVD-2026-41417

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS6AI score0.00555EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:55 p.m.8 views

CVE-2026-58465

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS6AI score0.00555EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.23 views

PT-2026-55282

Name of the Vulnerable Software and Affected Versions Eclipse Wakaama versions prior to snapshot/2026-05-26 Description An unbounded memory allocation issue exists in the CoAP Block1 handler within the coap/block.c file. Unauthenticated remote attackers can cause a denial of service by sending a...

8.7CVSS6.2AI score0.00555EPSS
Exploits0References9
NVD
NVD
added 2026/06/29 2:16 p.m.11 views

CVE-2026-13568

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS0.00278EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13570

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...

5.1CVSS0.00191EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:15 p.m.7 views

CVE-2026-13570

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/29 12:45 p.m.46 views

CVE-2026-13568 SourceCodester Inventory Management System User Registration Endpoint users_handler.php access control

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS0.00278EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 12:45 p.m.38 views

CVE-2026-13568

Affected product: SourceCodester Inventory Management System 1.0. Vulnerability: In the User Registration Endpoint, the /api/users_handler.php component mishandles the role argument, enabling improper access controls. This enables remote exploitation. Impact details (as stated): Remote exploitati...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 10:16 p.m.8 views

CVE-2025-71327

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

9.3CVSS0.0046EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 9:41 p.m.35 views

CVE-2025-71327

Flowise has an authentication bypass in the unprotected /api/v1/account/register endpoint. Unauthenticated attackers can register arbitrary accounts and gain full API access without credentials. CVSS metrics are provided (v3.1: 9.1; v4.0: 9.3), indicating a critical impact on confidentiality and ...

9.3CVSS6AI score0.0046EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.25 views

CVE-2025-71327 Flowise - Authentication Bypass via Unprotected Registration Endpoint

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

9.3CVSS0.0046EPSS
Exploits1References2
NVD
NVD
added 2026/06/24 5:16 p.m.9 views

CVE-2026-13164

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS0.00406EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:37 p.m.15 views

CVE-2026-13164

Technical details are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6AI score0.00406EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:37 p.m.48 views

CVE-2026-13164 Unauthenticated self-registration in MailerUp allows access to stored email data

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS0.00406EPSS
Exploits0References2
Rows per page
Query Builder