77 matches found
phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
Summary The WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, CAPTCHA, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Details File:...
PT-2026-6687
Name of the Vulnerable Software and Affected Versions SourceCodester Gas Agency Management System version 1.0 Description A flaw exists due to improper access controls in the processing of the /gasmark/php action/createUser.php file. This allows for unauthorized creation of accounts. The issue is...
CVE-2019-12502
There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...
PT-2025-51071
Name of the Vulnerable Software and Affected Versions Postem Ipsum versions up to and including 3.0.1 Description The Postem Ipsum plugin for WordPress has a flaw that allows unauthorized modification of data, leading to privilege escalation. Attackers with Subscriber-level access or higher can...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
GHSA-MG56-WC4Q-RW4W memos vulnerability allows the creation of arbitrary accounts
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
EUVD-2025-201723
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
memos vulnerability allows the creation of arbitrary accounts
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
PT-2025-49564
Name of the Vulnerable Software and Affected Versions usememos memos version 0.25.2 Description A flaw in access control within the /api/v1/user endpoint of usememos memos allows unauthorized account creation through a specially crafted request. The issue allows attackers to bypass intended...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
Memos 安全漏洞
Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from improper access control in the /api/v1/user endpoint and could lead to the unauthorized creation of arbitrary...
CVE-2025-65795
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
OneUptime Unauthorized User Creation via API
Summary A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. PoC A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully. Impact This allows attacke...
CVE-2025-65966
CVE-2025-65966 affects OneUptime. In version 9.0.5598, a low-permission user can create new accounts via a direct API request, bypassing the intended UI restrictions. The issue is mitigated by upgrading to version 9.1.0 (patched). No exploit details are provided beyond the existence of a direct A...
CVE-2025-65966 OneUptime Unauthorized User Creation via API
OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...
CVE-2025-65966 OneUptime Unauthorized User Creation via API
OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...
EUVD-2024-55057
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...
CVE-2024-13994
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...
CVE-2024-13994 Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...