397 matches found
CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion
Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...
CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion
Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...
CVE-2026-53982
Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...
CVE-2026-53982 Cap-go Console < 12.28.2 Account Deletion DoS via Device Identifier Association
Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...
CVE-2026-53982 Cap-go Console < 12.28.2 Account Deletion DoS via Device Identifier Association
Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...
EUVD-2026-36505
Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly...
CVE-2026-53982
Capgo Console before 12.28.2 contains a denial‑of‑service vulnerability in the account deletion flow. Triggering account deletion while a device identifier is linked to the active session ties the deletion state to that device, causing the affected device or browser to be redirected to an account...
PT-2026-48935
Name of the Vulnerable Software and Affected Versions Capgo Console versions prior to 12.28.2 Description A denial-of-service issue exists in the account deletion flow. An attacker can block authentication and onboarding functions by triggering account deletion while a device identifier is linked...
CVE-2026-8046
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...
Incorrect Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization in the SESSIONPOOL process. An attacker can maintain unauthorized access to other users' notes and modify their content by keeping an active Socket.IO session after their administrativ...
CVE-2026-3565
The CVE-2026-3565 entry concerns the WordPress Taqnix plugin (versions
CVE-2026-3565 Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnixdeletemyaccount function, where the checkajaxreferer call is explicitly commented out on line 883. This makes it possib...
CVE-2026-3565
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnixdeletemyaccount function, where the checkajaxreferer call is explicitly commented out on line 883. This makes it possib...
CVE-2026-3565 Taqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX Action
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnixdeletemyaccount function, where the checkajaxreferer call is explicitly commented out on line 883. This makes it possib...
WordPress plugin Taqnix 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Taqnix plugin <= 1.0.3 - Cross-Site Request Forgery to Account Deletion vulnerability
Cross-Site Request Forgery to Account Deletion vulnerability discovered by theviper17y in WordPress Plugin Taqnix versions = 1.0.3...
EUVD-2026-22867
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...
CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...
CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...
CVE-2026-4002
CVE-2026-4002 affects the Petje.af WordPress plugin (versions