30 matches found
CVE-2025-63952
A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
CVE-2025-63952
A Cross-Site Request Forgery CSRF in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
CVE-2025-63953
A Cross-Site Request Forgery CSRF in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...
CVE-2025-56219
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service DoS when an excessively large number of user accounts are created...
EUVD-2014-2086
Malware in sbrugna...
SICK AG Enterprise Analytics 安全漏洞
SICK AG Enterprise Analytics is a package analysis software from SICK AG, Germany. A security vulnerability exists in SICK AG Enterprise Analytics that stems from a lack of a quota and checking mechanism that could lead to the arbitrary creation of user accounts...
EUVD-2025-8106
Malicious code in bioql PyPI...
CVE-2025-49652 Improper access control allows arbitrary account creation
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49652
The CVE covers Lablup’s BackendAI, where the registration feature lacks authentication, allowing arbitrary users to create accounts and access private data even when registration is disabled. Concrete impact stated across sources: unauthorized account creation with high/critical severity (CVSS 3....
CVE-2022-43340
A Cross-Site Request Forgery CSRF in dzzoffice 2.02.1SCUTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users...
CVE-2025-25772
A Cross-Site Request Forgery CSRF in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request...
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement...
CVE-2023-6014
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment...
CVE-2022-46172 authentik allows existing authenticated users to create arbitrary accounts
authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable...
Wire 授权问题漏洞
Wire is a chat program from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. An authorization issue vulnerability exists in versions prior to Wire 4.19.0, whi...
Woocommerce Customers Manager < 26.6 - Arbitrary Account Creation/Update via CSRF
The fixes for https://wpscan.com/vulnerability/126143e0-b0cc-4517-862e-3ac557db744f still allowed the issue to be performed via a CSRF attack. The uploadcsv AJAX action, available to authenticated users, did not have proper CRSF check, allowing attacker to make a logged in user with the...
Woocommerce Customers Manager < 26.5 - Arbitrary Account Creation/Update by Low Privilege Users
The uploadcsv AJAX action, available to authenticated users, did not have proper capability checks. allowing any authenticated users, such as a subscriber, to call it and import arbitrary users. They could either update their own account, to make themselves administrator, or create new...
WordPress uListing plugin <= 1.6.6 - Unauthenticated Arbitrary Account Creation/Change vulnerability
Unauthenticated Arbitrary Account Creation/Change vulnerability found by Jerome Bruandet in WordPress uListing plugin versions = 1.6.6. Solution Update the WordPress uListing plugin to the latest available version at least 1.7...
uListing < 1.7 - Unauthenticated Arbitrary Account Creation
The AJAX action stmlistingregister accessible to both authenticated and unauthenticated users did not perform capability and CSRF checks, allowing an unauthenticated user to create arbitrary accounts on the blog, including administrator ones...
HD intelligent recording system has logic flaw vulnerability
Guangzhou YingKeVision Electronic Technology Co., Ltd. is a high-tech enterprise focusing on big education, integrating R&D, design, production and sales. There is a logic flaw vulnerability in the HD Intelligent Recording and Broadcasting System, which can be exploited by an attacker to...