13 matches found
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
CVE-2025-69415 affects Plex Media Server (PMS). According to NVD/narratives, PMS <= 1.42.2.10156 allows accessing /myplex/account with a device token that is not properly aligned with the device’s current account association. The OpenVAS entry for Plex Media Server
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
PT-2026-1109
Name of the Vulnerable Software and Affected Versions Plex Media Server versions prior to 1.42.2.10157 Description Plex Media Server PMS has an issue where access to the /myplex/account endpoint with a device token is not correctly linked to the device's account association status. This could all...
FreeBSD : py-social-auth-app-django -- Unsafe account association (3116b6f3-b433-11f0-82ac-901b0edee044)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3116b6f3-b433-11f0-82ac-901b0edee044 advisory. Michal iha reports: Upon authentication, the user could be associated by e-mail even if the...
Frontier Airlines website publicly available email address validation
RISK EVALUATION The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks. 2. RECOMMENDED PRACTICES Use a...
CVE-2025-61783 Python Social Auth - Django has unsafe account association
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service doe...
CVE-2025-61783 Python Social Auth - Django has unsafe account association
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service doe...
EUVD-2025-33405
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service doe...
AddressRegistry can associate same CID to different addresses at the same time
Lines of code Vulnerability details The AddressRegistry contract can associate a CID NFT to an account address. As stated in the contest, the CID NFT can be transferred out of the account that registered it. However, once transferred it can be registered again while keeping the previous...