16 matches found
PT-2026-46177
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The registration endpoint '/v1/account/register' lacks bot mitigation mechanisms. This allows malicious automated systems to perform account creation exhaustion,...
GHSA-V5W9-PRXF-W882 Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)
Summary An unauthenticated attacker can exploit the unprotected registration endpoint /register to create a new user and bypass authentication. Details Critical vulnerability in Flowise 3.0.1 on-premise deployment allows unauthenticated attackers to exploit the /api/v1/account/register endpoint t...
EUVD-2025-27478
Malicious code in bioql PyPI...
CVE-2025-58442
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...
CVE-2025-58442
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...
CVE-2025-58442
CVE-2025-58442 affects Saleor’s accountRegister API. From 3.21.0 up to 3.21.15, certain field requests in the response may trigger error handling that can reveal whether a given email is already registered, enabling user enumeration. The issue is resolved in 3.21.16. Workarounds include rate-limi...
CVE-2025-58442 Saleor has user enumeration vulnerability due to different error messages
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...
CVE-2025-58442 Saleor has user enumeration vulnerability due to different error messages
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...
CVE-2025-58442 Saleor has user enumeration vulnerability due to different error messages
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...
PT-2025-36939
Name of the Vulnerable Software and Affected Versions: Saleor versions 3.21.0 through 3.21.15 Description: Saleor is an e-commerce platform. Requesting certain fields in the response of the accountRegister API endpoint may reveal whether a user with a provided email address already exists in the...
Cross-site Scripting (XSS)
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS through the modification of the parameter name in /account/register. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Detail...
PT-2025-9103 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: OpenCart versions prior to 4.1.0 Description: The issue allows an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in the "/account/register" API endpoint. Recommendations: For...
OpenCart 跨站脚本漏洞
OpenCart is an open source e-commerce system by the Chinese OpenCart team. The system provides modules for product reviews, product ratings, and product additions. A cross-site scripting vulnerability exists in OpenCart versions prior to 4.1.0. An attacker can exploit this vulnerability to modify...
CVE-2020-20797
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php...
FlameCMS SQL注入漏洞
FlameCMS is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in FlameCMS version 3.3.5, which stems from the lack of effective filtering and escaping of parameters in the software's accountregister.php, resulting in a time-based SQL blind injection...
Authentication flaw
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access 1 portal/addediteventuser.php, 2 portal/findapptpopupuser.php, 3 portal/getallergies.php, 4 portal/getamendments.php, 5 portal/getlabresults.php, 6...