Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key because the create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker...

CVE-2026-46721

Summary (CVE-2026-46721): The issue is in the TYPO3 extension “Frontend User Registration” (sf_register). The create/edit flows allow submitting arbitrary user properties and do not enforce frontend access control on user-group assignment, enabling an attacker to assign any frontend user group to...

CVE-2026-46721 Broken Access Control in extension "Frontend User Registration" (sf_register)

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

EUVD-2016-9902

Malware in sbrugna...

EUVD-2023-41385

Malicious code in bioql PyPI...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php...