56 matches found
CVE-2026-44443 Lumiverse: Sign-up nonce race condition allows unauthorized account registration
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP request or bind the nonce to the admin's session. If the admin's auth.api.signUpEmail call fails...
Chamilo LMS security vulnerability
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...
EUVD-2026-14012
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...
EUVD-2025-208135
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.13 Images Security Update
New images are available for Red Hat build of Keycloak 26.2.13 and Red Hat build of Keycloak 26.2.13 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.13 Security Update
New Red Hat build of Keycloak 26.2.13 packages are available from the Customer Portal. Red Hat build of Keycloak 26.2.13 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...
CVE-2026-1529
CVE-2026-1529 affects Keycloak. An attacker can craft/modify a legitimate invitation token’s JWT payload to change the organization ID and target email, exploiting a lack of cryptographic signature verification to self-register into an unauthorized organization and gain access. The vulnerability ...
CVE-2023-4278
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...
Primakon Pi Portal security vulnerability
Primakon Pi Portal is a project and contract management platform from Primakon Croatia. A security vulnerability exists in Primakon Pi Portal version 1.0.18, which stems from a lack of authorization checking in the /api/v2/user/register endpoint, which could lead to unauthorized user registration...
WordPress WPFunnels plugin unauthorized user registration vulnerability
WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. WordPress WPFunnels plugin suffers from an unauthorized user registration vulnerability that stems from relying on the user-controlled value optin_allow_registration to determine user registration permissions, which...
CVE-2025-12353
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...
CVE-2025-12353
The CVE-2025-12353 issue affects the WordPress WPFunnels plugin (versions up to 3.6.2). The vulnerability stems from the plugin relying on a user-controlled value, optin_allow_registration, to decide if user registration is allowed, instead of the site-wide setting. This enables unauthenticated a...
CVE-2025-12353 WPFunnels <= 3.6.2 - Unauthorized User Registration
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...
WordPress plugin WPFunnels security vulnerability
WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. WordPress WPFunnels plugin suffers from an unauthorized user registration vulnerability that stems from relying on the user-controlled value optin_allow_registration to determine user registration permissions, which...
EUVD-2024-16491
Malicious code in bioql PyPI...
EUVD-2023-44927
Malicious code in bioql PyPI...
EUVD-2024-47243
Malicious code in bioql PyPI...
EUVD-2024-49056
Malicious code in bioql PyPI...
Exploit for CVE-2024-8682
CVE-2024-8682 - JNews Unauthenticated Registration PoC JNew...
CVE-2024-0701
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...