Lucene search
K

49 matches found

Nuclei
Nuclei
added 8 hours ago66 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

9.8CVSS7AI score0.14462EPSS
Exploits3References2
NVD
NVD
added 3 days ago7 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-12276

Affected software: LA-Studio Element Kit for Elementor WordPress plugin

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-42829

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-12276 LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.6 views

CVE-2026-27836

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited us...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
OSV
OSV
added 2026/02/27 9:1 p.m.6 views

GHSA-W22Q-M2FM-X9F4 phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint

Summary The WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, CAPTCHA, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Details File:...

7.5CVSS6AI score0.0041EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/27 9:1 p.m.7 views

EUVD-2026-9059

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References2
NVD
NVD
added 2026/02/27 8:21 p.m.9 views

CVE-2026-27836

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited us...

7.5CVSS0.0041EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 7:54 p.m.3 views

CVE-2026-27836

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited us...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/31 9:31 p.m.4 views

EUVD-2025-37399

ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration...

8.8CVSS6.4AI score0.00342EPSS
Exploits0References5
OSV
OSV
added 2025/10/31 6:31 p.m.4 views

CVE-2025-64349 ELOG user profile missing authorization

ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration...

8.7CVSS6AI score0.00342EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-0687

Malware in sbrugna...

5CVSS6.2AI score0.01354EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-29045

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:40 a.m.5 views

CVE-2024-4444

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'createaccount' function in the checkout. This makes it possible for unauthenticated attackers to register as the...

6.5CVSS5.9AI score0.00712EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:47 p.m.8 views

CVE-2022-36093

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

8.5CVSS6.8AI score0.00687EPSS
Exploits0
OSV
OSV
added 2024/07/12 11:15 a.m.9 views

CVE-2024-6328

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.20 views

GitLab 10.5 < 13.6.7 / 13.7 < 13.7.7 / 13.8 < 13.8.4 (CVE-2021-22175)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an...

9.8CVSS8.7AI score0.53372EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/05/10 8:32 a.m.26 views

CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'createaccount' function in the checkout. This makes it possible for unauthenticated attackers to register as the...

5.3CVSS6.8AI score0.00712EPSS
Exploits1References4
Rows per page
Query Builder