90 matches found

Nuclei
added 17 hours ago | 9 views

Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration...

10 CVSS | 7.3 AI score | 0.6202 EPSS
Exploits 2 | References 3

Github Security Blog
added 5 days ago | 14 views

Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords

Summary: modules/registration.php mode send_login regenerates a random password for useruuidassigned, stores its bcrypt hash in admusers.usrpassword, and emails the cleartext to that user. Every other state-changing mode in the same file (assignmember, assignuser, deleteuser, createuser) calls...

5.7 AI score
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/04/22 1:25 p.m. | 23 views

CVE-2026-5750 Insecure direct object reference (IDOR) vulnerability in Fullstep

An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...

7.6 CVSS | 0.0005 EPSS
Exploits 0 | References 1

CVE
added 2026/04/22 1:25 p.m. | 4 views

CVE-2026-5750

CVE-2026-5750 describes an IDOR vulnerability in the Fullstep V5 registration flow. Authenticated users can access data belonging to other registered users via vulnerable endpoints, notably “/api/suppliers/v1/suppliers//false” (listing user information) and “/#/supplier-registration/supplier-regi...

7.6 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits 0 | References 1

Cvelist
added 2026/04/22 1:23 p.m. | 22 views

CVE-2026-5749 Inadequate access control vulnerability in Fullstep

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

8.7 CVSS | 0.00095 EPSS
Exploits 0 | References 1

CNNVD
added 2026/04/22 12:00 a.m. | 3 views

Fullstep access control error vulnerability

Fullstep is a corporate procurement and supply chain management platform developed by Fullstep Inc. The Fullstep V5 version contains an access control vulnerability. This vulnerability stems from insufficient access control during the registration process, allowing unauthenticated users to obtain...

8.7 CVSS | 5.8 AI score | 0.00095 EPSS
Exploits 0 | References 1

CNNVD
added 2026/04/12 12:00 a.m. | 1 view

Nsasoft SpotFTP Password Recover security vulnerability

Nsasoft SpotFTP Password Recover is a tool developed by the NSASoft company in the United States, designed to recover saved account passwords from FTP clients. Version 2.4.2 of Nsasoft SpotFTP Password Recover contains a security vulnerability. This vulnerability stems from insufficient input...

6.9 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits 1 | References 2

Snyk
added 2026/03/22 3:30 a.m. | 1 view

Improper Resource Shutdown or Release

Overview: Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HandleRegistrationComplete function. An attacker can cause a denial of service by sending an out-of-sequence NAS message during the registration procedure. Remediation: Upgrade...

6.9 CVSS | 5.8 AI score | 0.00086 EPSS
Exploits 0 | References 2

CNNVD
added 2026/03/11 12:00 a.m. | 2 views

Shopware security vulnerability

Shopware is a set of open-source e-commerce software developed by the German company Shopware GmbH. Versions prior to Shopware 6.6.10.15 and 6.7.8.1 contained security vulnerabilities. These vulnerabilities stemmed from defects in the application registration process, which could allow attackers ...

8.9 CVSS | 5.8 AI score | 0.00094 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 12:10 p.m. | 4 views

CVE-2018-18622

An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public=doregister username parameter...

6.1 CVSS | 5.9 AI score | 0.0024 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 9:58 a.m. | 3 views

CVE-2020-7245

Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...

9.8 CVSS | 7.2 AI score | 0.00383 EPSS
Exploits 0 | References 1

Cvelist
added 2025/11/04 3:19 a.m. | 4 views

CVE-2025-27064 Buffer Over-read in Core Services

Information disclosure while registering commands from clients with diag through diagHal...

6.1 CVSS | 0.00016 EPSS
Exploits 0 | References 1

CNNVD
added 2025/11/04 12:00 a.m. | 2 views

Qualcomm Chipsets security vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm, an American company. A security vulnerability exists in Qualcomm Chipsets that stems from an information disclosure when registering client commands via diagHal...

6.1 CVSS | 6.5 AI score | 0.00016 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/22 3:31 p.m. | 2 views

EUVD-2025-35515

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy Auto Login After Registration auto-login-after-registration allows Reflected XSS. This issue affects Auto Login After Registration: from n/a through = 1.0.0...

5.9 AI score | 0.00029 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-6152

Malware in sbrugna...

9.8 CVSS | 9.5 AI score | 0.01398 EPSS
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-15707

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00408 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2014-3531

Malware in sbrugna...

5.5 CVSS | 5.7 AI score | 0.00104 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-10479

Malware in sbrugna...

7.8 CVSS | 6.4 AI score | 0.00759 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-28372

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00383 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/03 8:07 p.m. | 0 views

EUVD-2024-17361

Malicious code in bioql PyPI...

8.3 CVSS | 6.6 AI score | 0.00318 EPSS
Exploits 0 | References 2