CVE-2026-33541 TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...
TSPortal Security Vulnerability
TSPortal is a team management platform developed by Miraheze. Previous versions of TSPortal had security vulnerabilities; these vulnerabilities stemmed from defects in the validation logic, allowing attackers to create arbitrary user records, leading to uncontrolled database growth and...
CVE-2025-57849
CVE-2025-57849 describes a container privilege escalation in certain Fuse images caused by the /etc/passwd file being created with group-writable permissions during build time. In affected containers, a non-root user who can run commands could use root-group membership to modify /etc/passwd, enab...
VulnCheck KEV: CVE-2023-7325
Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...
CVE-2025-56219
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created...
CVE-2025-59428
EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...
EUVD-2025-34207
EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...
CVE-2025-59428 EspoCRM allows arbitrary user creation via stored SVG injection and CSRF
EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...
CVE-2025-59428
CVE-2025-59428 affects EspoCRM up to version 9.1.8. A combination of stored SVG injection and missing CSRF protection allows an attacker with Knowledge Base edit permissions to cause arbitrary user creation (including admin accounts) by luring an authenticated user to click a malicious SVG link t...
WordPress plugin Omnishop Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application extension for that platform. A security...
CVE-2022-30280
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. Although the application issues a CSRF token for the GET request, it never verifies that token. With a litt...
CVE-2020-9267
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajaxserver.php...
CVE-2025-26342
CVE-2025-26342 affects Q-Free MaxTime (MaxTime
PT-2024-2544 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03 Description: The issue is related to weaknesses in the authorization mechanism of JetBrains TeamCity, a continuous integration and deployment system. This weakness can be exploited by a remote...
CVE-2023-25589
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise...
Design/Logic Flaw
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise...
PT-2022-23848 · Claroline · Claroline
Name of the Vulnerable Software and Affected Versions: Claroline versions 13.5.7 and prior Description: The issue allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. This can be achieved by combining an XSS vulnerability present in several uploa...
CVE-2020-20595
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add...