15 matches found
EUVD-2025-25906
Malicious code in bioql PyPI...
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
CVE-2025-54599
The CVE-2025-54599 entry concerns Bevy Event service versions through 2025-07-22 (used for eBay Seller Events). Affected component is the SSO configuration handling that allows account takeover when a victim changes the configured email address. The root cause is a misconfiguration of SSO, enabli...
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
Bevy Event 安全漏洞
Bevy Event is a communication mechanism in the Bevy Engine from Bevy USA. A security vulnerability exists in Bevy Event version 2025-07-22 and earlier, which stems from a misconfiguration of SSO and could lead to account takeover...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...
PT-2025-34886 · Ebay · Bevy Event Service
Name of the Vulnerable Software and Affected Versions: The Bevy Event service versions through 2025-07-22 Description: The Bevy Event service, used for eBay Seller Events and other activities, is susceptible to a Cross-Site Request Forgery CSRF issue. This flaw allows an attacker to delete all...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...
CVE-2025-54598
Bevy Event service (as used for eBay Seller Events) up to 2025-07-22 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to delete all notifications via the /notifications/delete/ endpoint. Root cause is CSRF on the notification-deletion path; impact is parti...