Lucene search
+L

57 matches found

Vulnrichment
Vulnrichment
added 2025/08/15 3:2 a.m.6 views

CVE-2025-9005 mtons mblog register information exposure

A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is...

6.3CVSS6.8AI score0.00593EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/15 2:24 a.m.7 views

CVE-2025-8342 WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwpajaxregister function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to...

8.1CVSS7.6AI score0.00636EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.7 views

mblog 安全漏洞

mblog is a blogging system by the individual developer langhsu. A security vulnerability exists in mblog 3.5.0 and earlier versions, which stems from an incorrect operation of the file /register that results in the disclosure of information via an error message...

6.3CVSS6.4AI score0.00593EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/08/05 12:0 a.m.9 views

PT-2024-28879 · Unknown · Puneethreddyhc Online Shopping System

Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Online Shopping system advanced version 1.0 Description: The issue allows an attacker to execute arbitrary code. An unauthenticated remote attacker can manipulate the address1 variable in the "register.php" endpoint...

9.8CVSS8.1AI score0.01005EPSS
Exploits0References4
OSV
OSV
added 2024/07/01 1:15 p.m.4 views

CVE-2024-6425

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=&Password=&ConfirmPassword="...

9.1CVSS5.8AI score0.00544EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.7 views

PT-2024-37617 · Mesbook · Mesbook

Name of the Vulnerable Software and Affected Versions: MESbook version 20221021.03 Description: The issue allows an unauthenticated remote attacker to register user accounts without authentication. This can be done by accessing the "/account/Register/" route and providing parameters such as...

9.1CVSS6.8AI score0.00544EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/30 12:0 a.m.4 views

PT-2024-37611 · Sourcecodester · Sourcecodester Medicine Tracker System

Name of the Vulnerable Software and Affected Versions: SourceCodester Medicine Tracker System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Medicine Tracker System. This issue affects an unknown part of the file /classes/Users.php?f=register user. The...

7.5CVSS7.9AI score0.00508EPSS
Exploits1References7
OSV
OSV
added 2024/04/07 11:15 p.m.6 views

CVE-2024-3432

A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument eventid/fullname/email/mobile/college/branch leads to sql injection. The attack may be...

8.8CVSS6AI score0.0064EPSS
Exploits1References3
OSV
OSV
added 2023/11/07 3:15 p.m.5 views

CVE-2023-33480

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...

8.8CVSS6.2AI score0.0193EPSS
Exploits1References1
0day.today
0day.today
added 2023/04/05 12:0 a.m.265 views

BTCPay Server v1.7.4 - HTML Injection Vulnerability

Exploit Title: BTCPay Server v1.7.4 - HTML Injection Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete API key, the html...

8.8CVSS8.7AI score0.07896EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.4 views

PT-2023-14951 · Unknown · Online Student Enrollment System

Name of the Vulnerable Software and Affected Versions: Online Student Enrollment System version 1.0 Description: A cross-site scripting XSS issue in the /admin/register.php component allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter...

5.4CVSS6.2AI score0.004EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/12/21 12:0 a.m.5 views

PT-2022-27736 · Unknown · Sourcecodester Covid-19 Directory On Vaccination System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Covid-19 Directory on Vaccination System version 1.0 Description: A Cross site scripting XSS issue allows attackers to execute arbitrary code via the txtfullname parameter or txtphone parameter to "register.php" without...

6.1CVSS6.3AI score0.00524EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/06/29 12:0 a.m.4 views

PT-2022-20977 · Sourcecodester · Sourcecodester Loan Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Zoo Management System version 1.0 Description: The issue concerns Cross Site Scripting XSS via the "public html/register visitor?msg=" endpoint. This allows for potential malicious script injection. No information is provided...

6.1CVSS6.2AI score0.00855EPSS
Exploits3References4
0day.today
0day.today
added 2022/06/03 12:0 a.m.263 views

Microweber CMS 1.2.15 - Account Takeover Vulnerability

Exploit Title: Microweber CMS 1.2.15 - Account Takeover Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631 Description:...

8.8CVSS0.1AI score0.08958EPSS
Exploits4
ATTACKERKB
ATTACKERKB
added 2022/03/03 12:15 a.m.0 views

CVE-2022-25471

An Insecure Direct Object Reference IDOR vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zendmodules/public/Installer/register...

8.1CVSS5.5AI score0.00831EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/07/19 12:0 a.m.9 views

PT-2018-12490 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: PHPCMS version 9.6.0 Description: The issue allows remote attackers to upload and execute arbitrary PHP code. This can be achieved by sending a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the...

9.8CVSS9.6AI score0.01472EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2012/08/13 12:0 a.m.11 views

PT-2012-5295 · Sockso · Sockso

Name of the Vulnerable Software and Affected Versions: Sockso versions 1.5 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the name parameter in the "user/register" endpoint. Recommendations: For Sockso versions 1.5 and...

4.3CVSS5.5AI score0.03556EPSS
Exploits1References9
Rows per page
Query Builder