10792 matches found
CVE-2026-10830
The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...
CVE-2026-10830 AllCoach < 1.0.2 - Unauthenticated Account Takeover
The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...
EUVD-2026-41818
The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...
CVE-2026-10830
Affected software: AllCoach WordPress plugin
PT-2026-56030
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description An unauthenticated mass assignment issue exists in the client self-registration endpoint. This allows a visitor to assign themselves to an arbitrary client group during the sign-up process. Since...
CVE-2026-14719 SourceCodester Onlne Examination & Learning Management System Registration Endpoint register.php privileges management
A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...
CVE-2026-14719
CVE-2026-14719 describes a privilege-management flaw in SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerable component is the register.php file of the Registration Endpoint. An attacker can manipulate the role parameter to achieve improper privilege management, and th...
CVE-2026-14695 SourceCodester Multi-Vendor Online Grocery Management System Registration Users.php save_client sql injection
A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveclient of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the...
CVE-2026-14695
Summary: CVE-2026-14695 affects SourceCodester Multi-Vendor Online Grocery Management System 1.0. The vulnerability exists in the Registration Handler’s function save_client (file: classes/Users.php) where manipulation of the Name argument enables an SQL injection. The issue can be triggered remo...
EUVD-2026-41718
A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveclient of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the...
CVE-2026-14695
A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveclient of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the...
PT-2026-55773
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An issue exists in the Registration Endpoint within the register.php file. A remote attacker can manipulate the role argument to cause improper privilege...
CVE-2026-58465
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...
CVE-2026-58465
The CVE affects Eclipse Wakaama before snapshot/2026-05-26, with an unbounded memory allocation in the CoAP Block1 handler (coap/block.c). Unauthenticated remote attackers can exhaust memory by sending a sequence of Block1 PUT requests with incrementing block numbers to the registration endpoint ...
CVE-2026-58465
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...
EUVD-2026-41417
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...
CVE-2026-37106
A flaw was found in DokuWiki. A remote attacker can create an account through the registration function. This occurs when the DokuWiki instance is configured to allow self-registration, which is not the default setting. This could lead to the creation of unauthorized user accounts. Mitigation To...
CVE-2026-11965
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...
EUVD-2026-41255
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...
CVE-2026-11965
The CVE-2026-11965 entry affects the WordPress plugin User Registration & Membership prior to version 5.2.0. The underlying issue is that the plugin does not enforce payment completion before activating a paid membership subscription, enabling unauthenticated users (after self-registering via the...