Lucene search
K

22 matches found

Vulnrichment
Vulnrichment
added 2026/02/27 7:38 p.m.3 views

CVE-2026-27793 Seerr has Broken Object-Level Authorization in User Profile Endpoint that Exposes Third-Party Notification Credentials

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the GET /api/v1/user/:id endpoint returns the full settings object for any user, including Pushover, Pushbullet, and Telegram credentials, to any authenticated requester regardless of...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/02/12 5:16 p.m.5 views

CVE-2025-61879

In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism...

7.7CVSS0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.6 views

PT-2026-6996

Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0 Description A weakness exists in detronetdip E-commerce 1.0.0 related to account creation. A manipulation of the email argument within an unknown function of the file /Admin/assets/backend/seller/add...

7.5CVSS5.2AI score0.0057EPSS
Exploits1References8
OSV
OSV
added 2025/11/24 5:16 p.m.4 views

CVE-2025-63953

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

6.5CVSS5.8AI score0.00138EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-6732

Malware in sbrugna...

7.5CVSS6.4AI score0.02324EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-3203

Malware in sbrugna...

5CVSS6.4AI score0.01024EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0080

Malware in sbrugna...

8.8CVSS8.5AI score0.01771EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18449

Malware in sbrugna...

5.5CVSS5.3AI score0.00576EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-54001

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-48997

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00539EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:6 p.m.6 views

EUVD-2025-32303

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...

8.1CVSS6.6AI score0.00388EPSS
Exploits1References3
Source Incite
Source Incite
added 2025/08/13 12:0 a.m.148 views

SRC-2025-0001 : Samsung MagicINFO 9 Server ResponseBootstrappingActivity Exposed Dangerous Method Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO. Authentication is required and SaaS environment needs to be configured. The specific flaw exists within ability to dynamically create FTP accounts. An attack...

6.7AI score
Exploits0
CVE
CVE
added 2025/07/23 2:24 a.m.25 views

CVE-2025-6215

CVE-2025-6215 - Omnishop WordPress Plugin : The Omnishop plugin (WordPress) is vulnerable to unauthenticated registration bypass in all versions up to 1.0.9. The REST endpoint /users/register is publicly accessible because permission_callback always returns true and it calls wp_create_user() unco...

5.3CVSS7.2AI score0.00264EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:34 a.m.6 views

CVE-2019-15863

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation with the none role via a request for variants...

7.5CVSS7.1AI score0.0162EPSS
Exploits0References1
Hacker One
Hacker One
added 2024/12/27 5:20 p.m.605 views

XVIDEOS: Lack of Rate Limiting on Account Creation Endpoint

A vulnerability was identified in the account creation process. The affected endpoint lacked proper rate limiting mechanisms, allowing for the automated creation of multiple user accounts without restrictions. This security flaw could be exploited using tools to generate a large number of fake...

6.8AI score
Exploits0
OSV
OSV
added 2024/06/27 7:15 p.m.12 views

CVE-2024-5755

In lunary-ai/lunary versions =v1.2.11, an attacker can bypass email validation by using a dot character '.' in the email address. This allows the creation of multiple accounts with essentially the same email address e.g., '[email protected]' and '[email protected]', leading to incorrect...

5.3CVSS6.9AI score0.00338EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.11 views

CVE-2021-4343 uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation

The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stmlistingregister AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated...

9.8CVSS7.2AI score0.014EPSS
Exploits1References3
Hacker One
Hacker One
added 2022/10/08 6:13 p.m.145 views

Nextcloud: No password length limit when creating a user as an administrator

Hi, when I try to set the password while creating an account I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behalf...

3.3CVSS0.4AI score0.00806EPSS
Exploits0
CNVD
CNVD
added 2020/06/23 12:0 a.m.2 views

HD intelligent recording system has logic flaw vulnerability

Guangzhou YingKeVision Electronic Technology Co., Ltd. is a high-tech enterprise focusing on big education, integrating R&D, design, production and sales. There is a logic flaw vulnerability in the HD Intelligent Recording and Broadcasting System, which can be exploited by an attacker to...

6.9AI score
Exploits0
OSV
OSV
added 2018/10/17 6:29 a.m.4 views

CVE-2018-18436

JTBCPHP 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI...

8.8CVSS5.8AI score0.00513EPSS
Exploits1References1
Rows per page
Query Builder