Lucene search
+L

136 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 11:42 a.m.7 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

5.9CVSS6.8AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.6 views

CVE-2022-1631

Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...

8.8CVSS6.8AI score0.08958EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.8 views

CVE-2020-13342

An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email...

4CVSS6.5AI score0.00881EPSS
Exploits0
OSV
OSV
added 2025/04/15 10:4 p.m.7 views

CVE-2025-32782 Ash Authentication email link auto-click account confirmation vulnerability

Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...

5.3CVSS6.8AI score0.00287EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/14 12:0 a.m.7 views

PT-2025-16540 · Unknown · Ashauthentication

Name of the Vulnerable Software and Affected Versions: Ash Authentication versions prior to 4.7.0 Description: The confirmation flow for account creation in Ash Authentication uses a GET request triggered by clicking a link sent via email. Some email clients and security tools may automatically...

5.3CVSS6.3AI score0.00287EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.16 views

Moodle < 4.1.15 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.15, 4.3.x prior to 4.3.9, or 4.4.x prior to 4.4.5. It is, therefore, affected by multiple vulnerabilities. - A potential denial of service risk due to guest sessions' longer timeout period. ...

7.3AI score
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.11 views

Moodle 4.4.x < 4.4.5 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.15, 4.3.x prior to 4.3.9, or 4.4.x prior to 4.4.5. It is, therefore, affected by multiple vulnerabilities. - A potential denial of service risk due to guest sessions' longer timeout period. ...

7.3AI score
Exploits0References15
OSV
OSV
added 2025/02/10 9:31 p.m.9 views

GHSA-R385-C5FC-X56C CouchAuth has a Server-Side Template Injection vulnerability in its email functionality

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

4.3CVSS7.3AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 2025/02/10 8:15 p.m.6 views

CVE-2024-57177

A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information...

7.3CVSS5.8AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 2025/01/04 2:15 a.m.4 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

5.9CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/01/04 2:15 a.m.15 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

5.9CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2025/01/04 12:0 a.m.81 views

CVE-2025-22385

Optimizely Configured Commerce before 5.2.2408 contains an issue where the Commerce B2B application does not require email confirmation for newly created accounts, enabling mass account creation and potential impacts to database storage (and non-requested storefront accounts). Affected version ra...

5.9CVSS6.5AI score0.00308EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.3 views

Optimizely Configured Commerce 安全漏洞

Optimizely Configured Commerce is a portfolio commerce platform from Optimizely, Inc. A security vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408, which stems from an email confirmation not being required for newly created accounts...

5.9CVSS6.6AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/04 12:0 a.m.7 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

6.8AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.8 views

PT-2025-4481 · Optimizely · Optimizely Configured Commerce

Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: An issue was discovered in Optimizely Configured Commerce where the Commerce B2B application does not require email confirmation for newly created accounts. This allows th...

5.9CVSS7.2AI score0.00308EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/01/04 12:0 a.m.25 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

0.00308EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 9:31 p.m.7 views

CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

8.6CVSS6.7AI score0.00451EPSS
Exploits0References4
Veracode
Veracode
added 2024/05/17 2:30 p.m.12 views

Weak Entropy In Token Generation

friendsofsymfony/user-bundle is vulnerable to Weak Entropy in Token Generation. The vulnerability is due to the imprecise nature of the baseconvert function used in FOSUserBundle, which allows attackers to exploit the weakened randomness of tokens generated for email confirmation and password...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/15 9:42 p.m.14 views

FOSUserBundle Entropy is lost in the TokenGenerator

Description Because of the usage of baseconvert which looses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically...

7.2AI score
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2024/05/07 7:36 a.m.27 views

HackerOne: Reset the 2FA of the user which can lead to Account Takeover

Vulnerability description not provided...

7.1AI score
Exploits0
Rows per page
Query Builder