22 matches found
CVE-2026-27793 Seerr has Broken Object-Level Authorization in User Profile Endpoint that Exposes Third-Party Notification Credentials
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the GET /api/v1/user/:id endpoint returns the full settings object for any user, including Pushover, Pushbullet, and Telegram credentials, to any authenticated requester regardless of...
CVE-2025-61879
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism...
PT-2026-6996
Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0 Description A weakness exists in detronetdip E-commerce 1.0.0 related to account creation. A manipulation of the email argument within an unknown function of the file /Admin/assets/backend/seller/add...
CVE-2025-63953
A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
EUVD-2008-6732
Malware in sbrugna...
EUVD-2006-3203
Malware in sbrugna...
EUVD-2018-0080
Malware in sbrugna...
EUVD-2021-18449
Malware in sbrugna...
EUVD-2024-54001
Malicious code in bioql PyPI...
EUVD-2022-48997
Malicious code in bioql PyPI...
EUVD-2025-32303
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...
SRC-2025-0001 : Samsung MagicINFO 9 Server ResponseBootstrappingActivity Exposed Dangerous Method Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO. Authentication is required and SaaS environment needs to be configured. The specific flaw exists within ability to dynamically create FTP accounts. An attack...
CVE-2025-6215
CVE-2025-6215 - Omnishop WordPress Plugin : The Omnishop plugin (WordPress) is vulnerable to unauthenticated registration bypass in all versions up to 1.0.9. The REST endpoint /users/register is publicly accessible because permission_callback always returns true and it calls wp_create_user() unco...
CVE-2019-15863
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...
XVIDEOS: Lack of Rate Limiting on Account Creation Endpoint
A vulnerability was identified in the account creation process. The affected endpoint lacked proper rate limiting mechanisms, allowing for the automated creation of multiple user accounts without restrictions. This security flaw could be exploited using tools to generate a large number of fake...
CVE-2024-5755
In lunary-ai/lunary versions =v1.2.11, an attacker can bypass email validation by using a dot character '.' in the email address. This allows the creation of multiple accounts with essentially the same email address e.g., '[email protected]' and '[email protected]', leading to incorrect...
CVE-2021-4343 uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stmlistingregister AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated...
Nextcloud: No password length limit when creating a user as an administrator
Hi, when I try to set the password while creating an account I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behalf...
HD intelligent recording system has logic flaw vulnerability
Guangzhou YingKeVision Electronic Technology Co., Ltd. is a high-tech enterprise focusing on big education, integrating R&D, design, production and sales. There is a logic flaw vulnerability in the HD Intelligent Recording and Broadcasting System, which can be exploited by an attacker to...
CVE-2018-18436
JTBCPHP 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI...