Lucene search
+L

10906 matches found

Patchstack
Patchstack
added 5 days ago7 views

WordPress FoodBook Lite – Online Food Ordering System plugin <= 1.5.6 - Missing Authorization to Unauthenticated User Registration vulnerability

Missing Authorization to Unauthenticated User Registration vulnerability discovered by Eason in WordPress Plugin FoodBook Lite – Online Food Ordering System versions = 1.5.6...

5.3CVSS6.1AI score0.00311EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43284

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

8.1CVSS6.1AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-11963

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

8.1CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-11963

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

6.1AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43088

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

6.1AI score0.00508EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/11 12:0 a.m.8 views

PT-2026-57423

Name of the Vulnerable Software and Affected Versions Genolve – AI image AI video generation plugin for WordPress versions prior to 5.0.6 Description Authenticated attackers with Contributor-level access and above can perform unauthorized modification of data. This is caused by a missing capabili...

8.8CVSS6.2AI score0.00308EPSS
Exploits0References7
NVD
NVD
added 2026/07/10 11:16 p.m.5 views

CVE-2026-15089

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

9.1CVSS0.00508EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:54 p.m.10 views

CVE-2026-15089

The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...

9.1CVSS6.1AI score0.00508EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:54 p.m.35 views

CVE-2026-15089 Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

0.00508EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 7:57 p.m.38 views

CVE-2026-55377 Logto: Account Center MFA management step-up bypass via WebAuthn registration verification

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/07/10 3:16 p.m.10 views

CVE-2026-59795

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...

8.1CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 2:18 p.m.21 views

CVE-2026-59795

CVE-2026-59795 affects JetBrains TeamCity prior to 2026.1.2. The vulnerability is a stored XSS via unauthenticated agent registration, enabling cross-site script execution under defined conditions. CVSSv3.1 base score 8.1 (HIGH) with network attack vector, low attack complexity, no privileges req...

8.1CVSS6.1AI score0.00235EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/10 2:18 p.m.32 views

CVE-2026-59795

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...

8.1CVSS0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 2:18 p.m.6 views

EUVD-2026-42913

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...

8.1CVSS6.1AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 7:16 a.m.7 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 6:0 a.m.12 views

CVE-2026-12276

Affected software: LA-Studio Element Kit for Elementor WordPress plugin

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 6:0 a.m.31 views

CVE-2026-12276 LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/10 6:0 a.m.7 views

CVE-2026-12276

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 6:0 a.m.9 views

EUVD-2026-42829

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.7 views

PT-2026-57186

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.2 Description Stored Cross-Site Scripting XSS is possible through the unauthenticated agent registration process. Stored XSS occurs when an application receives data from a user and includes that dat...

8.1CVSS6.1AI score0.00235EPSS
Exploits0References5
Rows per page
Query Builder