Lucene search
K

6109 matches found

Nuclei
Nuclei
added 12 hours ago79 views

WordPress Pie-Register <2.0.19 - Cross-Site Scripting

WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. id: CVE-2015-7377 info: nam...

4.3CVSS6.2AI score0.04405EPSS
Exploits3References5
Nuclei
Nuclei
added 12 hours ago8 views

Python Flask-Security-Too <=5.3.2 - Open Redirect

An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...

6.1CVSS6.4AI score0.01079EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago98 views

WordPress Pie Register <= 3.7.1.4 - Authentication Bypass

An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting socialsite=true and manipulating the useridsocialsite parameter,...

10CVSS7.5AI score0.09903EPSS
Exploits7References3
Nuclei
Nuclei
added 12 hours ago92 views

WordPress Pie Register <3.8.2.3 - Open Redirect

WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute...

5.4CVSS6.5AI score0.24263EPSS
Exploits2References2
Nuclei
Nuclei
added 12 hours ago84 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...

8.1CVSS6.9AI score0.08377EPSS
Exploits3References3
Nuclei
Nuclei
added 12 hours ago71 views

WordPress Pie Register <3.7.0.1 - Cross-Site Scripting

WordPress Pie Register plugin before 3.7.0.1 is susceptible to cross-site scripting. The plugin does not sanitize the invitaioncode GET parameter when outputting it in the Activation Code page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

6.1CVSS6.1AI score0.01602EPSS
Exploits2References3
NVD
NVD
added 17 hours ago6 views

CVE-2026-11802

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS
Exploits0References8
CVE
CVE
added 17 hours ago8 views

CVE-2026-11802

The CVE covers the FoodBook Lite WordPress plugin (up to version 1.5.6). The registration() function exposed via the wp_ajax_nopriv_registration_action AJAX action lacks nonce verification, lacks capability checks, and does not honor WordPress users_can_register before calling wp_insert_user(). T...

5.3CVSS6AI score
Exploits0References8
CVE
CVE
added yesterday7 views

CVE-2026-58488

CVE-2026-58488 affects HedgeDoc versions prior to 1.11.0. The vulnerability arises from the login/register rate-limit logic which, when a cf-connecting-ip header is present, uses that header instead of the user’s real IP—even if requests did not originate from Cloudflare. This allowed an attacker...

6.9CVSS6.2AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57768

Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through = 3.3.3...

8.2CVSS0.00321EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57768

CVE-2026-57768 impacts the WordPress plugin Houzez Login Register (versions

8.2CVSS6.1AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday24 views

CVE-2026-57768 WordPress Houzez Login Register plugin <= 3.3.3 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through = 3.3.3...

8.2CVSS0.00321EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-45196

CVE-2026-45196 involves GPU DDK components (rgxfw_hwperf_hw) where unsanitized pointers from host-kernel inside a Host VM enable arbitrary GPU register writes via GPU Firmware commands, leading to privilege escalation. Exploitation is described as local with low privileges and no user interaction...

7.8CVSS6.1AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-45196 GPU DDK - Arbitrary GPU register write in rgxfw_hwperf_hw due to unsanitized pointers from host kernel

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...

0.00142EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Houzez Login Register plugin <= 3.3.3 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Houzez Login Register versions = 3.3.3...

8.2CVSS6.1AI score0.00321EPSS
Exploits0Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-14250

The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handlefrontendregister function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and...

6.3CVSS0.00209EPSS
Exploits0References6
CVE
CVE
added 6 days ago13 views

CVE-2026-14250

The CVE-2026-14250 issue affects the Themehunk Login Registration plugin for WordPress up to version 1.0.2. The root cause is in handle_frontend_register() at the unauthenticated /thlogin/v1/register REST endpoint, which accepts a user-controlled role parameter and validates it only against get_e...

6.3CVSS5.8AI score0.00209EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.4 views

PT-2026-56298

Name of the Vulnerable Software and Affected Versions @better-auth/sso versions 0.1.0 through 1.6.10 @better-auth/sso versions 1.7.0-beta.x Description An SSRF flaw exists in the provider registration flow where OpenID Connect OIDC endpoint URLs are accepted without proper validation. When...

9.6CVSS6AI score0.00025EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 8:16 a.m.8 views

CVE-2026-14719

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...

7.5CVSS0.00288EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 7:0 a.m.8 views

EUVD-2026-41733

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...

7.5CVSS6.7AI score0.00288EPSS
Exploits0References6
Rows per page
Query Builder