Lucene search
K

10792 matches found

NVD
NVD
added last week9 views

CVE-2026-10830

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

8.8CVSS0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added last week32 views

CVE-2026-10830 AllCoach < 1.0.2 - Unauthenticated Account Takeover

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

0.00257EPSS
Exploits0References1
EUVD
EUVD
added last week4 views

EUVD-2026-41818

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

8.8CVSS6AI score0.00257EPSS
Exploits0References1
CVE
CVE
added last week12 views

CVE-2026-10830

Affected software: AllCoach WordPress plugin

8.8CVSS6AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56030

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description An unauthenticated mass assignment issue exists in the client self-registration endpoint. This allows a visitor to assign themselves to an arbitrary client group during the sign-up process. Since...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 7:0 a.m.32 views

CVE-2026-14719 SourceCodester Onlne Examination & Learning Management System Registration Endpoint register.php privileges management

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...

7.5CVSS0.00288EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 7:0 a.m.16 views

CVE-2026-14719

CVE-2026-14719 describes a privilege-management flaw in SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerable component is the register.php file of the Registration Endpoint. An attacker can manipulate the role parameter to achieve improper privilege management, and th...

7.5CVSS6.7AI score0.00288EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 2:45 a.m.33 views

CVE-2026-14695 SourceCodester Multi-Vendor Online Grocery Management System Registration Users.php save_client sql injection

A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveclient of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 2:45 a.m.17 views

CVE-2026-14695

Summary: CVE-2026-14695 affects SourceCodester Multi-Vendor Online Grocery Management System 1.0. The vulnerability exists in the Registration Handler’s function save_client (file: classes/Users.php) where manipulation of the Name argument enables an SQL injection. The issue can be triggered remo...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 2:45 a.m.8 views

EUVD-2026-41718

A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveclient of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 2:45 a.m.7 views

CVE-2026-14695

A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveclient of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.10 views

PT-2026-55773

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the Registration Endpoint within the register.php file. A remote attacker can manipulate the role argument to cause improper privilege...

7.5CVSS7.1AI score0.00288EPSS
Exploits0References10
NVD
NVD
added 2026/07/02 7:16 p.m.11 views

CVE-2026-58465

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS0.00555EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 5:55 p.m.18 views

CVE-2026-58465

The CVE affects Eclipse Wakaama before snapshot/2026-05-26, with an unbounded memory allocation in the CoAP Block1 handler (coap/block.c). Unauthenticated remote attackers can exhaust memory by sending a sequence of Block1 PUT requests with incrementing block numbers to the registration endpoint ...

8.7CVSS6AI score0.00555EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:55 p.m.7 views

CVE-2026-58465

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS6AI score0.00555EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 5:55 p.m.7 views

EUVD-2026-41417

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS6AI score0.00555EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 3:37 p.m.7 views

CVE-2026-37106

A flaw was found in DokuWiki. A remote attacker can create an account through the registration function. This occurs when the DokuWiki instance is configured to allow self-registration, which is not the default setting. This could lead to the creation of unauthorized user accounts. Mitigation To...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 6:16 a.m.6 views

CVE-2026-11965

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 6:0 a.m.7 views

EUVD-2026-41255

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 6:0 a.m.18 views

CVE-2026-11965

The CVE-2026-11965 entry affects the WordPress plugin User Registration & Membership prior to version 5.2.0. The underlying issue is that the plugin does not enforce payment completion before activating a paid membership subscription, enabling unauthenticated users (after self-registering via the...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
Rows per page
Query Builder