CVE-2025-48478

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...

CVE-2024-45875

The create user function in baltic-it TOPqw Webportal 1.35.287.1 fixed in version1.35.291, in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries...

UBUNTU-CVE-2024-13041

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...

CVE-2021-25920

In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user...