Lucene search
K

71 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.12 views

CVE-2017-20245 Wow Viral Signups 2.1 WordPress Plugin SQL Injection

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 11:48 a.m.10 views

EUVD-2017-18971

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 11:48 a.m.22 views

CVE-2017-20245

CVE-2017-20245 affects the Wow Viral Signups 2.1 WordPress plugin. It describes an SQL injection through the unescaped idsignup POST parameter in admin-ajax.php, allowing unauthenticated attackers to extract data from the database. CVSS 3.1 base score 8.2 (HIGH) and CVSS 4.0 base score 8.8 (HIGH)...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47768

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.8 views

WordPress plugin Wow Viral Signups SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41259

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...

8.2CVSS5.5AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 8:2 p.m.24 views

CVE-2026-44443

Lumiverse prior to version 0.9.7 is affected by a nonce race condition in consumeNonce(): the function only checks module-level state, not the incoming request value or binding the nonce to the admin session. If admin sign-up via POST /api/auth/sign-up/email triggers a failure before the before h...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.11 views

CVE-2026-44567

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 10:16 p.m.27 views

CVE-2026-44567

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS0.0023EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 8:59 p.m.10 views

CVE-2026-44567 Open WebUI: Open WebUI Improper Authorization Control

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 8:59 p.m.37 views

CVE-2026-44567 Open WebUI: Open WebUI Improper Authorization Control

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS0.0023EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 8:59 p.m.16 views

EUVD-2026-30643

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:59 p.m.7 views

CVE-2026-44567

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/15 8:59 p.m.20 views

CVE-2026-44567

Open WebUI improperly authorizes users with a pending role. The CVE describes that prior to v0.1.124 the API does not validate that a user has an authorized role, allowing a pending user to access endpoints intended for authenticated users. Technical details show get_current_user() validates JWTs...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2026/05/12 2:47 p.m.9 views

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems , the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on RubyGems right now," Maciej Mensfeld, senior product manager for...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2025/11/03 12:0 a.m.5 views

WordPress plugin Doccure Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

9.8CVSS6.5AI score0.00361EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-46156

Malicious code in bioql PyPI...

6.5CVSS9AI score0.00436EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23169

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/21 12:0 a.m.10 views

CVE-2025-52352

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...

0.00538EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.5 views

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

6.5CVSS6.3AI score0.00268EPSS
Exploits0References1
Rows per page
Query Builder