Lucene search
K

129 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-59795

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...

8.1CVSS0.00268EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-12276

Affected software: LA-Studio Element Kit for Elementor WordPress plugin

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42829

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:41 p.m.7 views

CVE-2026-43925

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38999

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS6AI score0.00406EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:37 p.m.6 views

CVE-2026-13164

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS6AI score0.00406EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 3:37 p.m.46 views

CVE-2026-13164 Unauthenticated self-registration in MailerUp allows access to stored email data

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS0.00406EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:37 p.m.13 views

CVE-2026-13164

Technical details are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6AI score0.00406EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2025-6254

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References1
NVD
NVD
added 2026/06/10 10:16 a.m.17 views

CVE-2025-6254

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS0.00494EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 8:28 a.m.14 views

EUVD-2025-210104

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreatprocessregistration function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers ...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

WordPress plugin Doctreat Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.5AI score0.00494EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/22 4:29 a.m.48 views

CVE-2026-9018 Easy Elements for Elementor – Addons & Website Templates <= 1.4.5 - Unauthenticated Privilege Escalation via 'custom_meta' Parameter

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...

8.8CVSS0.00541EPSS
Exploits1References5
NVD
NVD
added 2026/05/21 1:16 p.m.22 views

CVE-2026-5118

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...

9.8CVSS0.00487EPSS
Exploits5References2
NVD
NVD
added 2026/05/18 3:16 p.m.15 views

CVE-2026-41947

Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...

9.3CVSS0.00453EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/18 1:50 p.m.39 views

CVE-2026-41948 Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.4CVSS0.00509EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/18 1:48 p.m.33 views

CVE-2026-41947 Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints

Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...

9.3CVSS5.8AI score0.00453EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41675

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.14.2 Description Authenticated users can manipulate requests forwarded to the Plugin Daemon's internal REST API due to insufficient URL path sanitization. By using unencoded dot sequences in task identifiers or...

9.4CVSS6.1AI score0.00509EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41674

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.14.2 Description An authorization bypass allows authenticated editor users to set and enable trace configurations for any application, regardless of tenant ownership. This occurs due to missing tenant ownership checks ...

9.3CVSS6.1AI score0.00453EPSS
Exploits1References16
CVE
CVE
added 2026/05/14 6:39 p.m.25 views

CVE-2026-44592

Gradient is a nix-based CI system. In version 1.1.0, when GRADIENT_DISCOVERABLE=true (default), an unauthenticated actor that can reach /proto can register as a worker using a fresh UUID. The resulting session is PeerAuth::Open, allowing access to jobs from any organization, and can immediately N...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder