Lucene search
+L

410 matches found

Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-63095 Dendrite 0.13.8 Improper Authorization via POST account/3pid/delete Endpoint

Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...

7.1CVSS0.00182EPSS
Exploits0References2
CVE
CVE
added 2 days ago12 views

CVE-2026-63095

CVE-2026-63095 affects Dendrite up to version 0.13.8. An improper authorization flaw in the Matrix Client-Server API allows any authenticated local user to delete another user’s third-party identifier (3PID) bindings by submitting an arbitrary address/medium to the account deletion endpoint witho...

7.1CVSS5.5AI score0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.11 views

EUVD-2026-40434

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in...

8.1CVSS5.8AI score0.00353EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56286

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in...

8.1CVSS0.00353EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.20 views

CVE-2026-56286

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re‑authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF, or parameter tampering, leading to unauthorized...

8.1CVSS5.8AI score0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.26 views

CVE-2026-56286 Capgo - Account Deletion Without Password Confirmation

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in...

8.1CVSS0.00353EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:8 p.m.3 views

CVE-2026-56286 Capgo - Account Deletion Without Password Confirmation

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, resulting in...

7CVSS5.9AI score0.00353EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-54030

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication bypass exists in the account deletion endpoint. This flaw allows the deletion of user accounts without requiring password re-authentication or secondary verification. Exploitation...

8.1CVSS5.8AI score0.00353EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.37 views

CVE-2026-9172 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST Endpoint

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the deletesingleaccount function in versions up to, and including, 1.2.0. The REST route...

5.3CVSS0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 9:57 p.m.34 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.6 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS5.5AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 9:57 p.m.4 views

CVE-2026-53868 Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

8.7CVSS6AI score0.00258EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 5:16 p.m.10 views

CVE-2026-53982

Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

7.1CVSS0.00329EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 4:25 p.m.33 views

CVE-2026-53982 Cap-go Console < 12.28.2 Account Deletion DoS via Device Identifier Association

Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

7.1CVSS0.00329EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 4:25 p.m.19 views

CVE-2026-53982

Capgo Console before 12.28.2 contains a denial‑of‑service vulnerability in the account deletion flow. Triggering account deletion while a device identifier is linked to the active session ties the deletion state to that device, causing the affected device or browser to be redirected to an account...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 4:25 p.m.9 views

CVE-2026-53982 Cap-go Console < 12.28.2 Account Deletion DoS via Device Identifier Association

Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 4:25 p.m.3 views

CVE-2026-53982 Cap-go Console < 12.28.2 Account Deletion DoS via Device Identifier Association

Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

7.1CVSS5.9AI score0.00329EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 4:25 p.m.11 views

EUVD-2026-36505

Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48935

Name of the Vulnerable Software and Affected Versions Capgo Console versions prior to 12.28.2 Description A denial-of-service issue exists in the account deletion flow. An attacker can block authentication and onboarding functions by triggering account deletion while a device identifier is linked...

7.1CVSS5.2AI score0.00329EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:45 a.m.11 views

CVE-2026-8046

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software16
Rows per page
Query Builder