38 matches found
GHSA-HMJ5-JM8H-H9FH Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint
Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...
EUVD-2019-0664
Malware in sbrugna...
EUVD-2022-1108
Malicious code in bioql PyPI...
EUVD-2023-1016
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-36402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. CVE-2021-36402 Note that...
CVE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...
CVE-2025-32782
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...
CVE-2025-32782
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...
CVE-2025-32782 Ash Authentication email link auto-click account confirmation vulnerability
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...
CVE-2025-32782
CVE-2025-32782 affects Ash Authentication (Ash framework). The vulnerability stems from the account-creation confirmation flow, which uses a GET request triggered by clicking an email link. Some email clients and security tools may auto-follow the link, unintentionally confirming the new account ...
GHSA-3988-Q8Q7-P787 ash_authentication has email link auto-click account confirmation vulnerability
Impact The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow these links, unintentionally confirming the account. This...
ash_authentication has email link auto-click account confirmation vulnerability
Impact The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow these links, unintentionally confirming the account. This...
CVE-2024-51989 Cross-site Scripting (XSS) Vulnerability in PasswordPusher
Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting XSS vulnerability was identified in the PasswordPusher application, affecting versions v1.41.1 through and including v.1.48.0. The issue arises from an un-sanitized parameter...
CVE-2024-51989
The CVE-2024-51989 entry describes a cross-site scripting (XSS) vulnerability in PasswordPusher, affecting versions v1.41.1 through v1.48.0. The root cause is an unsanitized parameter that enables injection of malicious JavaScript. Affected deployments include self-hosted PasswordPusher installat...
BIT-MOODLE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...
Moodle < 3.9.24, 3.11.x < 3.11.17, 4.0.x < 4.0.11, 4.1.x < 4.1.6, 4.2.x < 4.2.3 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...
GHSA-GV8F-43PG-C5QW Moodle Improper Input Validation vulnerability
In affected versions of Moodle, users' names require additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. This issue has been patched in versions 3.9.8, 3.10.5 and 3.11.1...
UBUNTU-CVE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...
Design/Logic Flaw
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...