CVE-2026-50225
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.
Vulnerability Summary
EPSS Score (Exploitation Probability)
This vulnerability has a 0.04% probability of being exploited in the next 30 days, ranking higher than 13% of all scored CVEs.
CWE Classification
Related Vulnerabilities
Same Weakness Type(CWE-306)
Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.