Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/01/03 5:1 p.m.8 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS6.8AI score0.00255EPSS
Exploits1References1
OSV
OSV
added 2026/01/02 5:16 p.m.6 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS5.8AI score0.00537EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 5:16 p.m.9 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS0.00255EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/02 4:49 p.m.3 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS6.5AI score0.00255EPSS
Exploits1References1
CVE
CVE
added 2026/01/02 4:49 p.m.20 views

CVE-2025-69415

CVE-2025-69415 affects Plex Media Server (PMS). According to NVD/narratives, PMS <= 1.42.2.10156 allows accessing /myplex/account with a device token that is not properly aligned with the device’s current account association. The OpenVAS entry for Plex Media Server

7.1CVSS6.5AI score0.00255EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/01/02 4:49 p.m.28 views

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

7.1CVSS0.00255EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.6 views

PT-2026-1109

Name of the Vulnerable Software and Affected Versions Plex Media Server versions prior to 1.42.2.10157 Description Plex Media Server PMS has an issue where access to the /myplex/account endpoint with a device token is not correctly linked to the device's account association status. This could all...

8.5CVSS6.5AI score0.00537EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/10/30 12:0 a.m.2 views

FreeBSD : py-social-auth-app-django -- Unsafe account association (3116b6f3-b433-11f0-82ac-901b0edee044)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3116b6f3-b433-11f0-82ac-901b0edee044 advisory. Michal iha reports: Upon authentication, the user could be associated by e-mail even if the...

6.3CVSS5.6AI score0.00521EPSS
Exploits0References3
ICS
ICS
added 2025/10/23 12:0 a.m.4 views

Frontier Airlines website publicly available email address validation

RISK EVALUATION The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks. 2. RECOMMENDED PRACTICES Use a...

6.9CVSS7.1AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 8:57 p.m.42 views

CVE-2025-61783 Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

6.3CVSS0.00521EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/09 8:57 p.m.3 views

CVE-2025-61783 Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

6.3CVSS6.5AI score0.00521EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/09 8:57 p.m.15 views

EUVD-2025-33405

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associatebyemail pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

6.3CVSS6.4AI score0.00521EPSS
Exploits0References7
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.6 views

AddressRegistry can associate same CID to different addresses at the same time

Lines of code Vulnerability details The AddressRegistry contract can associate a CID NFT to an account address. As stated in the contest, the CID NFT can be transferred out of the account that registered it. However, once transferred it can be registered again while keeping the previous...

6.9AI score
Exploits0
Rows per page
Query Builder