TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

Summary A flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded...

EUVD-2026-16398

TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service...

CVE-2026-33541

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

CVE-2026-33541 TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

CVE-2026-33541

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

CVE-2026-33541 TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

TSPortal 安全漏洞

TSPortal is a team management platform developed by Miraheze. Previous versions of TSPortal had security vulnerabilities; these vulnerabilities stemmed from defects in the validation logic, allowing attackers to create arbitrary user records, leading to uncontrolled database growth and...

UBUNTU-CVE-2024-31208

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

MGASA-2015-0381 Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.8.8, completed and graded lesson activity was not protected against making new attempts to answer some questions, so students could re-attempt answering questions in the lesson CVE-2015-5264. In Moodle before 2.8.8, users...

Updated moodle packages fix security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.8.8, completed and graded lesson activity was not protected against making new attempts to answer some questions, so students could re-attempt answering questions in the lesson CVE-2015-5264. In Moodle before 2.8.8, users...

PwnedList Partnership Provides Credential Monitoring for LastPass Users

A partnership announced today merges LastPass’s credential management services with PwnedList’s credential monitoring services. The companies said “credential management and credential monitoring are natural complements” and that the move will bolster password security for LastPass end users...