
55 matches found

ATTACKERKB
added 2026/05/22 4:29 a.m. | 3 views

CVE-2026-9018

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...

8.8 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 1 | References 6
CNNVD
added 2026/05/02 12:0 a.m. | 4 views

Code-Projects Online Hospital Management System Security Vulnerability

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System contains a security vulnerability. This vulnerability stems from the handling of the parameter...

5.5 CVSS | 6 AI score | 0.0004 EPSS
Exploits 0 | References 2
CVE
added 2026/04/29 7:24 p.m. | 2 views

CVE-2018-25307

SysGauge Pro 4.6.12 has a local buffer overflow in the Register function that allows an attacker to overwrite the Structured Exception Handler by providing a crafted unlock key. The vulnerability enables shellcode injection via the Unlock Key field during registration, resulting in arbitrary code...

8.6 CVSS | 6.2 AI score | 0.00021 EPSS
Exploits 0 | References 2
NVD
added 2026/04/22 2:17 p.m. | 2 views

CVE-2026-5749

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

8.7 CVSS | 0.00095 EPSS
Exploits 0 | References 1
CVE
added 2026/04/22 1:23 p.m. | 4 views

CVE-2026-5749

CVE-2026-5749 concerns Fullstep V5, where inadequate access control in the registration flow could let unauthenticated users obtain a valid JWT token to access authenticated API resources. This could compromise confidentiality of affected resources when a valid token is presented. The CVSS 4.0 ba...

8.7 CVSS | 5.8 AI score | 0.00095 EPSS
Exploits 0 | References 1
CNNVD
added 2026/04/22 12:0 a.m. | 3 views

Fullstep Security Vulnerability

Fullstep is a corporate procurement and supply chain management platform developed by Fullstep Inc. The Fullstep V5 version contains a security vulnerability. This vulnerability stems from insecure direct object references during the registration process, which may allow authenticated users to...

7.6 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34332

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

8.7 CVSS | 5.8 AI score | 0.00095 EPSS
Exploits 0 | References 2
EUVD
added 2026/04/07 3:30 p.m. | 0 views

EUVD-2026-19642

In OpenAirInterface V2.2.0 AMF, out-of-sequence messages cause an incorrect state transition during the UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...

5.9 AI score | 0.00032 EPSS
Exploits 1 | References 2
Vulnrichment
added 2026/03/11 6:13 p.m. | 0 views

CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8 CVSS | 5.9 AI score | 0.00244 EPSS
Exploits 1 | References 2
RedhatCVE
added 2026/03/04 7:37 a.m. | 6 views

CVE-2026-1492

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a...

9.8 CVSS | 5.9 AI score | 0.24774 EPSS
Exploits 2 | References 1
NVD
added 2026/02/27 7:17 a.m. | 3 views

CVE-2025-12981

The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...

9.8 CVSS | 0.00036 EPSS
Exploits 0 | References 4
OSV
added 2026/02/20 5:25 p.m. | 1 views

CVE-2026-2848

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be...

9.8 CVSS | 5.7 AI score | 0.00045 EPSS
Exploits 2 | References 5
CVE
added 2026/02/19 4:36 a.m. | 8 views

CVE-2025-13563

CVE-2025-13563 affects the Lizza LMS Pro plugin for WordPress, vulnerable in all versions up to 1.0.3 due to improper restriction in lizza_lms_pro_register_user_front_end, allowing unauthenticated attackers to supply the administrator role during registration and gain admin access. No remediation...

9.8 CVSS | 5.5 AI score | 0.00041 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/02/09 7:23 p.m. | 1 views

CVE-2026-2159

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...

6.1 CVSS | 3.7 AI score | 0.00017 EPSS
Exploits 1 | References 1
GithubExploit
added 2026/01/08 3:4 p.m. | 157 views

Exploit for Improper Privilege Management in Najeebmedia Simple_User_Registration

CVE-2025-4334 Vulnerability Exploitation Tool Overview This...

9.8 CVSS | 5.8 AI score | 0.28123 EPSS
Exploits 5
Vulnrichment
added 2026/01/01 5:2 p.m. | 1 views

CVE-2025-15406 PHPGurukul Online Course Registration authorization

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used...

6.5 CVSS | 6.1 AI score | 0.00011 EPSS
Exploits 1 | References 5
Positive Technologies
added 2025/12/17 12:0 a.m. | 1 views

PT-2025-51873

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 20.1. Description: AVideo versions prior to 20.1 are susceptible to an open redirect issue stemming from inadequate validation of the siteRedirectUri parameter during user registration. This allows attackers to redirect...

6.1 CVSS | 6.5 AI score | 0.00031 EPSS
Exploits 0 | References 7
Cvelist
added 2025/12/11 1:55 a.m. | 24 views

CVE-2025-13764 WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WPCarDealerUser::processregister' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers t...

9.8 CVSS | 0.00184 EPSS
Exploits 0 | References 2
EUVD
added 2025/12/02 9:31 p.m. | 1 views

EUVD-2025-200296

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlmsregisteruserfrontend' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to...

9.8 CVSS | 5.6 AI score | 0.00184 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/11/27 4:36 a.m. | 2 views

CVE-2025-13538 FindAll Listing <= 1.0.5 - Unauthenticated Privilege Escalation

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findalllistinguserregistrationadditionalparams' function not restricting what user roles a user can register with. This makes it possible for...

9.8 CVSS | 5.7 AI score | 0.00184 EPSS
Exploits 0 | References 2