16 matches found

Positive Technologies
added 2026/06/04 12:0 a.m. · 18 views

PT-2026-46177

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The registration endpoint '/v1/account/register' lacks bot mitigation mechanisms. This allows malicious automated systems to perform account creation exhaustion,...

CVSS 9.1 · AI score 5.4 · EPSS 0.00243
Exploits: 0 · References: 4

OSV
added 2025/11/17 7:6 p.m. · 4 views

GHSA-V5W9-PRXF-W882 Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)

Summary: An unauthenticated attacker can exploit the unprotected registration endpoint /register to create a new user and bypass authentication. Details: Critical vulnerability in Flowise 3.0.1 on-premise deployment allows unauthenticated attackers to exploit the /api/v1/account/register endpoint t...

CVSS 8.7 · AI score 7.3
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 15 views

EUVD-2025-27478

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.0029
Exploits: 0 · References: 4

RedhatCVE
added 2025/09/11 8:27 p.m. · 15 views

CVE-2025-58442

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...

CVSS 5.3 · AI score 6.7 · EPSS 0.0029
Exploits: 0 · References: 1

NVD
added 2025/09/09 8:15 p.m. · 33 views

CVE-2025-58442

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...

CVSS 5.3 · EPSS 0.0029
Exploits: 0 · References: 4

CVE
added 2025/09/09 7:46 p.m. · 15 views

CVE-2025-58442

CVE-2025-58442 affects Saleor’s accountRegister API. From 3.21.0 up to 3.21.15, certain field requests in the response may trigger error handling that can reveal whether a given email is already registered, enabling user enumeration. The issue is resolved in 3.21.16. Workarounds include rate-limi...

CVSS 5.3 · AI score 6.2 · EPSS 0.0029
Exploits: 0 · References: 4

Vulnrichment
added 2025/09/09 7:46 p.m. · 3 views

CVE-2025-58442 Saleor has user enumeration vulnerability due to different error messages

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...

CVSS 5.3 · AI score 6.1 · EPSS 0.0029
Exploits: 0 · References: 4

Cvelist
added 2025/09/09 7:46 p.m. · 32 views

CVE-2025-58442 Saleor has user enumeration vulnerability due to different error messages

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...

CVSS 5.3 · EPSS 0.0029
Exploits: 0 · References: 4

OSV
added 2025/09/09 7:46 p.m. · 15 views

CVE-2025-58442 Saleor has user enumeration vulnerability due to different error messages

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of accountRegister may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the...

CVSS 5.3 · AI score 6.7 · EPSS 0.0029
Exploits: 0 · References: 6

Positive Technologies
added 2025/09/09 12:0 a.m. · 7 views

PT-2025-36939

Name of the Vulnerable Software and Affected Versions: Saleor versions 3.21.0 through 3.21.15 Description: Saleor is an e-commerce platform. Requesting certain fields in the response of the accountRegister API endpoint may reveal whether a user with a provided email address already exists in the...

CVSS 5.3 · AI score 6.3 · EPSS 0.0029
Exploits: 0 · References: 8

Snyk
added 2025/02/28 2:42 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the modification of the parameter name in /account/register. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Detail...

CVSS 5.1 · AI score 5.3 · EPSS 0.00237
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/28 12:0 a.m. · 3 views

PT-2025-9103 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: OpenCart versions prior to 4.1.0 Description: The issue allows an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in the "/account/register" API endpoint. Recommendations: For...

CVSS 4.7 · AI score 6.1 · EPSS 0.00237
Exploits: 0 · References: 9

CNNVD
added 2025/02/28 12:0 a.m. · 3 views

OpenCart Cross-Site Scripting Vulnerability

OpenCart is an open source e-commerce system by the Chinese OpenCart team. The system provides modules for product reviews, product ratings, and product additions. A cross-site scripting vulnerability exists in OpenCart versions prior to 4.1.0. An attacker can exploit this vulnerability to modify...

CVSS 4.7 · AI score 5.7 · EPSS 0.00237
Exploits: 0 · References: 1

OSV
added 2021/09/30 10:15 p.m. · 5 views

CVE-2020-20797

FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php...

CVSS 9.8 · AI score 7.3 · EPSS 0.0108
Exploits: 1 · References: 1

CNNVD
added 2021/09/30 12:0 a.m. · 5 views

FlameCMS SQL Injection Vulnerability

FlameCMS is a PHP-based open source content management system (CMS). A SQL injection vulnerability exists in FlameCMS version 3.3.5, which stems from the lack of effective filtering and escaping of parameters in the software's accountregister.php, resulting in a time-based SQL blind injection...

CVSS 9.8 · AI score 8.5 · EPSS 0.0108
Exploits: 1 · References: 2

Prion
added 2018/08/15 5:29 p.m. · 16 views

Authentication flaw

Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/addediteventuser.php, (2) portal/findapptpopupuser.php, (3) portal/getallergies.php, (4) portal/getamendments.php, (5) portal/getlabresults.php, (6)...

CVSS 6.4 · AI score 9.2 · EPSS 0.25935
Exploits: 4 · References: 6 · Affected Software: 1