Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2025/11/25 12:17 a.m.19 views

CVE-2025-63952

A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

5.7CVSS6.7AI score0.00136EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.2 views

CVE-2025-63952

A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

6.3AI score0.00136EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.10 views

CVE-2025-63953

A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

0.00138EPSS
Exploits1References2
OSV
OSV
added 2025/10/20 1:15 p.m.3 views

CVE-2025-56219

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service DoS when an excessively large number of user accounts are created...

7.1CVSS5.8AI score0.00293EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-2086

Malware in sbrugna...

7.5CVSS6.4AI score0.02079EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.3 views

SICK AG Enterprise Analytics 安全漏洞

SICK AG Enterprise Analytics is a package analysis software from SICK AG, Germany. A security vulnerability exists in SICK AG Enterprise Analytics that stems from a lack of a quota and checking mechanism that could lead to the arbitrary creation of user accounts...

3.8CVSS6.7AI score0.00299EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8106

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00221EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/06/09 5:26 p.m.10 views

CVE-2025-49652 Improper access control allows arbitrary account creation

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...

9.8CVSS7.1AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2025/06/09 5:26 p.m.61 views

CVE-2025-49652

The CVE covers Lablup’s BackendAI, where the registration feature lacks authentication, allowing arbitrary users to create accounts and access private data even when registration is disabled. Concrete impact stated across sources: unauthorized account creation with high/critical severity (CVSS 3....

9.8CVSS7.1AI score0.00375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.10 views

CVE-2022-43340

A Cross-Site Request Forgery CSRF in dzzoffice 2.02.1SCUTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users...

8.8CVSS7AI score0.00414EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/21 12:0 a.m.4 views

CVE-2025-25772

A Cross-Site Request Forgery CSRF in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request...

6.5AI score0.00162EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2023/11/16 9:30 p.m.19 views

MLflow authentication requirement bypass can allow a user to arbitrarily create an account

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement...

9.8CVSS7AI score0.01157EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2023/11/16 9:15 p.m.6 views

CVE-2023-6014

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment...

9.8CVSS5.8AI score0.01157EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/28 6:16 a.m.14 views

CVE-2022-46172 authentik allows existing authenticated users to create arbitrary accounts

authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...

6.4CVSS6.5AI score0.00539EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.5 views

Wire 授权问题漏洞

Wire is a chat program from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. An authorization issue vulnerability exists in versions prior to Wire 4.19.0, whi...

9.8CVSS7.9AI score0.00599EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2021/03/30 12:0 a.m.11 views

Woocommerce Customers Manager < 26.6 - Arbitrary Account Creation/Update via CSRF

The fixes for https://wpscan.com/vulnerability/126143e0-b0cc-4517-862e-3ac557db744f still allowed the issue to be performed via a CSRF attack. The uploadcsv AJAX action, available to authenticated users, did not have proper CRSF check, allowing attacker to make a logged in user with the...

6.7AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2021/02/24 12:0 a.m.642 views

Woocommerce Customers Manager < 26.5 - Arbitrary Account Creation/Update by Low Privilege Users

The uploadcsv AJAX action, available to authenticated users, did not have proper capability checks. allowing any authenticated users, such as a subscriber, to call it and import arbitrary users. They could either update their own account, to make themselves administrator, or create new...

1.9AI score
Exploits0References2
Patchstack
Patchstack
added 2021/01/28 12:0 a.m.10 views

WordPress uListing plugin <= 1.6.6 - Unauthenticated Arbitrary Account Creation/Change vulnerability

Unauthenticated Arbitrary Account Creation/Change vulnerability found by Jerome Bruandet in WordPress uListing plugin versions = 1.6.6. Solution Update the WordPress uListing plugin to the latest available version at least 1.7...

3.9AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/28 12:0 a.m.13 views

uListing < 1.7 - Unauthenticated Arbitrary Account Creation

The AJAX action stmlistingregister accessible to both authenticated and unauthenticated users did not perform capability and CSRF checks, allowing an unauthenticated user to create arbitrary accounts on the blog, including administrator ones...

5.5AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/06/23 12:0 a.m.2 views

HD intelligent recording system has logic flaw vulnerability

Guangzhou YingKeVision Electronic Technology Co., Ltd. is a high-tech enterprise focusing on big education, integrating R&D, design, production and sales. There is a logic flaw vulnerability in the HD Intelligent Recording and Broadcasting System, which can be exploited by an attacker to...

6.9AI score
Exploits0
Rows per page
Query Builder