15 matches found
CVE-2025-12093
CVE-2025-12093 (Voidek Employee Portal, WordPress) The vulnerability is a missing capability check in several AJAX actions, allowing unauthenticated users to perform account-related actions (register, delete users, modify details) in all versions up to 1.0.6. Wordfence notes the issue in the Void...
CVE-2025-12093 Voidek Employee Portal <= 1.0.7 - Missing Authorization
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...
EUVD-2025-201356
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account,...
CVE-2024-37312
The CVE concerns Nextcloud’s user_oidc OpenID Connect backend, where the ID4me endpoint lacks access control, enabling account registration and potential access to data available to all registered users. Publicly documented details come from Nextcloud advisories and HackerOne report, which confir...
CVE-2023-6774
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accountscon/registeraccount. The manipulation of the argument Username with the input alertdocument.cookie leads to cross...
CVE-2023-6773
A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accountscon/registeraccount of the component User Creation Handler. The manipulation of the argument accountty...
Inventory Management System Cross-Site Scripting Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. A cross-site scripting vulnerability exists in CodeAstro POS and Inventory Management System version 1.0, which stems from the presence of an unknown function in /accountscon/registeraccount that lead...
PT-2023-32773 · Unknown · Codeastro Pos/Inventory Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro POS and Inventory Management System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting some unknown functionality of the file /accountscon/registeraccount. The manipulation of th...
Foodiee Online Food Ordering Web Application 1.0.0 Cross Site Scripting
Title: Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozil...
Arbitrary Password Reset Vulnerability in Xikai Gold Service App
Xikai Gold App is a professional investment and financial management software. Xikai Gold App has an arbitrary password reset vulnerability: attackers can successfully register any account and reset any account password by capturing packets...
Subdreamer Pro 3.0.4 - CMS Upload Vulnerability
No description provided by source. Exploit Title: Subdreamer Pro v3.0.4 CMS upload Vulnerability Author: Battousai Home:...
phpscup enterprise built Station system v1.8.2 - stored xss vulnerability-vulnerability warning-the black bar safety net
Long time useless computer, recently busy Ah, just from the factory-do come back..... Just before this point of time on the Internet, ^^ looking for a source see directly the analogy recommended and download!!! phpscup enterprise built Station system v1. 8. 2 Analysis ing...... The online search...
SiteEngine 7.1 members to upload WEBSHELL vulnerability 0DAY-vulnerability warning-the black bar safety net
Author:hackdn Reprinted indicate the zend encoding and decryption is not complete, do not bother to look at the code, use a Tamper or the like of the plug-in test of the POST parameters, it's$sFile = $oFile'name';filtering too fool, looks like the 5th version after you modify a function. This is ...
megafile-sql.txt
Script: Mega File Hosting script Type: SQL Injection 1923TURK.ORG TURKiSHWARRiORR Step 1: Register an account Step 2: login and go to /members.php?folders=1 Step 3: Create a folder with any name Exploitation options: ADIM 1:...
Mega File Hosting Script 1.2 (fid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Mega File Hosting Script 1.2 fid Remote SQL Injection Vulnerability. Script: Mega File Hosting scrip...