23 matches found
CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
CVE-2026-30855
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...
CVE-2025-12641
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...
CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...
CVE-2025-12641
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...
EUVD-2025-14710
Malicious code in bioql PyPI...
EUVD-2025-23993
Malicious code in bioql PyPI...
CVE-2025-47872 EG4 Electronics EG4 Inverters Observable Discrepancy
The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...
PT-2025-32367 · Eg4 Electronics · Eg4 12000Xp +6
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The public-facing product registration endpoint server responds differently based on the status of the serial number S/N – whether it is valid and unregistere...
CVE-2025-32374
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...
CVE-2025-32374
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...
Denial of Service (DoS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Denial of Service DoS through the public registration form. Details Denial of Service DoS describes a family of attacks, all aime...
CVE-2025-32374 Possible Denial of Service (DoS) in DNN.PLATFORM registration
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8...
DNN 安全漏洞
DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable and feature-rich. A security vulnerability exists in DNN, which stems from the fact that specially crafted...
PT-2025-15706 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 9.13.8 Description: The issue concerns a possible denial of service that can be triggered by submitting specially crafted information in the public registration form. Recommendations: For versions pri...
Rocket.Chat: Registration bypass with leaked Invite Token
The Rocket.Chat API route 'validateInviteToken' was vulnerable to a registration bypass attack. The route allowed unauthenticated users to guess valid invite tokens by sending a crafted JSON payload with a regular expression. Once a valid token was obtained, the user could access private channels...
DRUPAL-CONTRIB-2020-006
This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the...
SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006
This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the...
Coppermine Gallery 1.5.44 Directory Traversal
Coppermine Gallery = 1.5.44 directory traversal vulnerability ============================================================== Coppermine is a multi-purpose fully-featured and integrated web picture gallery script written in PHP using GD or ImageMagick as image library with a MySQL backend. A...
XSS Hunter is Now Open Source – Here’s How to Set It Up!
Recently I opened up XSS Hunter for public registration, this was after publishing a post on how I used XSS Hunter to hack GoDaddy via blind XSS and pointed out that many penetration testers use a very limited alert box-based pentesting methodology which will not detect these types of issues. Aft...