EUVD-2026-12133

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $SERVER'HTTPHOST' without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...

CVE-2026-31889

Shopware prior to versions 6.6.10.15 and 6.7.8.1 had a vulnerability in the app registration flow where the legacy HMAC‑based authentication did not sufficiently bind a shop installation to its domain. During re‑registration, the shop‑url could be updated without proving control of the previously...

CVE-2026-31889 Shopware has a potential take over of app credentials

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

Missing Critical Step in Authentication

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the WebAuthn Attestation Statement verification. An attacker can...

EUVD-2025-30914

Malicious code in bioql PyPI...

CVE-2025-0209

A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

CVE-2025-0209 Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow

A reflected cross-site scripting XSS vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

PT-2025-39183

Name of the Vulnerable Software and Affected Versions WSO2 Identity Server affected versions not specified Description A reflected cross-site scripting XSS issue exists in the account registration process. This is due to improper output encoding, allowing a malicious actor to inject a crafted...

UBUNTU-CVE-2022-49506

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL when it's using in ovl irq handler. There is a timing issue between mtkdispovlirqhandler and...

CVE-2023-4918

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are abl...

CVE-2023-4918

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are abl...

CVE-2023-4918

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are abl...

CVE-2023-4918

The CVE-2023-4918 entry concerns Keycloak (org.keycloak.userprofile) where password and password-confirm fields submitted during self-registration become regular user attributes. The described flaw allows any user with proper rights to read user attributes and retrieve passwords in clear text, po...

SUSE CVE-2022-26148

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...

CVE-2021-43791

Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a...

DEBIAN-CVE-2021-21416

django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters...

CVE-2020-4903

IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105...

CVE-2020-4903

IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105...

PT-2020-6431 · Nextcloud +1 · Nextcloud Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.3.1 Description: The issue is related to the lack of SSL certificate verification when using the "Register with a Provider" flow in the Nextcloud Desktop Client, allowing a remote attacker to impac...