20 matches found
EUVD-2002-0095
Malware in sbrugna...
EUVD-2025-7787
Malicious code in bioql PyPI...
CVE-2024-30471
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
CVE-2025-27507
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...
CVE-2025-27507
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...
CVE-2025-27507 IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...
CVE-2025-27507 IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...
Apache StreamPipes potentially allows creation of multiple identical accounts
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
GHSA-2QPH-V9P2-Q2GV Apache StreamPipes potentially allows creation of multiple identical accounts
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
CVE-2024-30471
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
CVE-2024-30471
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
CVE-2024-30471
Affected software: Apache StreamPipes (prior to 0.95.0). Component/issue: Time-of-check Time-of-use (TOCTOU) race condition during user self-registration. Root cause: Insufficient synchronization allows multiple concurrent requests to check/register the same email. Impact: Potential creation of m...
CVE-2024-30471 Apache StreamPipes: Potential creation of multiple identical accounts
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
CVE-2024-30471 Apache StreamPipes: Potential creation of multiple identical accounts
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and...
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...
CVE-2024-29868
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...
CVE-2024-29868
Apache StreamPipes (versions 0.69.0–0.93.0) uses a cryptographically weak PRNG for recovery token generation in user self-registration and password recovery, enabling an attacker to predict tokens and take over accounts. The issue affects multiple CVE records (CVE-2024-29868) and is mitigated by ...
CVE-2019-16097
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix:...
CVE-2002-0095
The default configuration of BSCW Basic Support for Cooperative Work 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed...
CVE-2002-0095
The default configuration of BSCW Basic Support for Cooperative Work 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed...