Lucene search
K

77 matches found

Github Security Blog
Github Security Blog
added 2026/02/27 9:1 p.m.12 views

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint

Summary The WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, CAPTCHA, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Details File:...

7.5CVSS6AI score0.0041EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.13 views

PT-2026-6687

Name of the Vulnerable Software and Affected Versions SourceCodester Gas Agency Management System version 1.0 Description A flaw exists due to improper access controls in the processing of the /gasmark/php action/createUser.php file. This allows for unauthorized creation of accounts. The issue is...

6.5CVSS5.3AI score0.00254EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.9 views

CVE-2019-12502

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...

9.3CVSS7AI score0.00814EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.8 views

PT-2025-51071

Name of the Vulnerable Software and Affected Versions Postem Ipsum versions up to and including 3.0.1 Description The Postem Ipsum plugin for WordPress has a flaw that allows unauthorized modification of data, leading to privilege escalation. Attackers with Subscriber-level access or higher can...

8.8CVSS6.2AI score0.00248EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/09 12:11 a.m.5 views

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References1
OSV
OSV
added 2025/12/08 6:30 p.m.5 views

GHSA-MG56-WC4Q-RW4W memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.8AI score0.00223EPSS
Exploits1References8
EUVD
EUVD
added 2025/12/08 6:30 p.m.6 views

EUVD-2025-201723

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.3AI score0.00223EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/12/08 6:30 p.m.8 views

memos vulnerability allows the creation of arbitrary accounts

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.6 views

PT-2025-49564

Name of the Vulnerable Software and Affected Versions usememos memos version 0.25.2 Description A flaw in access control within the /api/v1/user endpoint of usememos memos allows unauthorized account creation through a specially crafted request. The issue allows attackers to bypass intended...

7.5CVSS6.6AI score0.00223EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/12/08 12:0 a.m.26 views

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

0.00223EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/08 12:0 a.m.1 views

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

6.5AI score0.00223EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.6 views

Memos 安全漏洞

Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from improper access control in the /api/v1/user endpoint and could lead to the unauthorized creation of arbitrary...

7.5CVSS6.4AI score0.00223EPSS
Exploits1References5
OSV
OSV
added 2025/12/08 12:0 a.m.7 views

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.8AI score0.00223EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/26 7:33 p.m.6 views

OneUptime Unauthorized User Creation via API

Summary A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. PoC A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully. Impact This allows attacke...

8.8CVSS6.8AI score0.00269EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/11/26 6:10 p.m.15 views

CVE-2025-65966

CVE-2025-65966 affects OneUptime. In version 9.0.5598, a low-permission user can create new accounts via a direct API request, bypassing the intended UI restrictions. The issue is mitigated by upgrading to version 9.1.0 (patched). No exploit details are provided beyond the existence of a direct A...

8.8CVSS6.4AI score0.00269EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/26 6:10 p.m.2 views

CVE-2025-65966 OneUptime Unauthorized User Creation via API

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...

8.8CVSS6.4AI score0.00269EPSS
Exploits1References1
OSV
OSV
added 2025/11/26 6:10 p.m.8 views

CVE-2025-65966 OneUptime Unauthorized User Creation via API

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...

8.8CVSS6.5AI score0.00269EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/31 12:30 a.m.8 views

EUVD-2024-55057

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

8.7CVSS6.3AI score0.00837EPSS
Exploits0References4
OSV
OSV
added 2025/10/30 10:15 p.m.6 views

CVE-2024-13994

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

9.8CVSS5.8AI score0.00837EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/30 9:29 p.m.9 views

CVE-2024-13994 Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

8.7CVSS0.00837EPSS
Exploits0References3
Rows per page
Query Builder