Lucene search
K

4 matches found

CVE
CVE
added 2026/04/30 6:21 p.m.14 views

CVE-2026-35514

Vulnerability overview : Chartbrew 4.9.0 contains an unauthenticated account creation bypass via POST /user/invited, which does not validate invite tokens, authentication headers, or sessions. This allows any unauthenticated user to create a fully active account and obtain a valid JWT, even when ...

6.5CVSS5.4AI score0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/30 6:21 p.m.5 views

CVE-2026-35514 Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

6.5CVSS5.7AI score0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 6:21 p.m.6 views

EUVD-2026-26405

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

6.5CVSS5.4AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.7 views

PT-2025-52547

Name of the Vulnerable Software and Affected Versions Flex Store Users plugin for WordPress versions prior to 1.1.1 Description The Flex Store Users plugin for WordPress is susceptible to privilege escalation. Unauthenticated attackers can register with the 'administrator' role during registratio...

9.8CVSS6.4AI score0.00317EPSS
Exploits0References11
Rows per page
Query Builder