14 matches found
CVE-2026-29193
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...
EUVD-2022-3822
Malicious code in bioql PyPI...
CVE-2021-25973
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only...
Moodle allows attackers obtain full-name information
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register...
GHSA-FQRG-VMVJ-JV3X Moodle allows attackers obtain full-name information
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register...
Publify `guest` role users can self-register even when the admin does not allow it
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow it. This happens due to front-end restriction only...
GHSA-X24J-87X9-JVV5 Publify `guest` role users can self-register even when the admin does not allow it
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow it. This happens due to front-end restriction only...
Privilege Escalation
publifycore is vulnerable to privilege escalation. The vulnerability exists due to the front-end restrictions. A malicious user with a guest role can self-register, even if the admin does not allow it...
Improper Authorization in Publify
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow. This happens due to front-end restriction only...
CVE-2020-7984
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the...
VMware Harbor Privilege Escalation (VMSA-2019-0015) (CVE-2019-16097)
The remote VMware Harbor cloud native registry is affected by a remote privilege escalation vulnerability. Instances of VMware Harbor with DB as the authentication backend and which allow users to self-register are vulnerable. An authenticated, non-administrator, remote attacker can exploit this ...
CVE-2015-3176
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register...
Design/Logic Flaw
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register...
BSCW 3.4/4.0 Insecure Default Installation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3777/info BSCW Basic Support for Cooperative Work is a web-based groupware application, allowing users to share a workspace via a web interface. It runs on Microsoft Windows NT/2000 systems, as well as a number of Unix...