EUVD-2026-24744

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

CVE-2025-1309

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uipsaveformasoption function in all versions up to, and including, 3.5.04...

CVE-2023-27195

Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tmajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tmajax.msw request. If the access code was used to create an Administrator...

CVE-2024-9518

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'formactions' and 'userplusupdateuserprofile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...

PT-2023-25932 · Weintek · Weintek Weincloud

Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue allows an attacker to abuse the registration functionality to login with testing credentials to the official website. Recommendations: For Weintek Weincloud version 0.13.6, consider...