Lucene search
K

833 matches found

Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.17 views

PT-2026-37128

Name of the Vulnerable Software and Affected Versions Nhost versions prior to 0.49.1 Description Nhost automatically links incoming OAuth identities to existing accounts when email addresses match, provided the email is marked as verified. Several provider adapters fail to correctly populate the...

9.8CVSS5.9AI score0.00809EPSS
Exploits1References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 9:56 a.m.7 views

Malicious code in f0-email-verification (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f1be0fb20c0bda97570f04e023025da0e132b6f20c647025acbbaaad2916722 The package f0-email-verification was found to contain malicious code...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/16 9:56 a.m.7 views

MAL-2026-2760 Malicious code in f0-email-verification (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f1be0fb20c0bda97570f04e023025da0e132b6f20c647025acbbaaad2916722 The package f0-email-verification was found to contain malicious code...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.9 views

Craft Commerce 安全漏洞

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Vulnerabilities exist in versions 4.0.0 to 4.10.2, as well as 5.0.0 to 5.5.4 of Craft Commerce. These vulnerabilities stem from the PaymentsController::actionPay function, which allows order data to be disclosed to...

6.3CVSS5.7AI score0.00295EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2026/04/09 12:0 a.m.8 views

grafana security update

9.2.10-29.0.1 - Fixes CVE-2024-1442 Add email verification when updating user email Orabug: 38550520 9.2.10-29 - Resolves RHEL-156639: CVE-2026-25679...

7.5CVSS7.2AI score0.00802EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/06 5:59 p.m.9 views

Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri

Hi, I found that 6 endpoints in Authorizer accept a user-controlled redirecturi and append sensitive tokens to it without validating the URL against AllowedOrigins. The OAuth /app handler validates redirecturi at httphandlers/app.go:46, but the GraphQL mutations and verifyemail handler skip...

6AI score
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/04 10:54 p.m.6 views

CVE-2026-34947

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.4 views

CVE-2026-34736

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/04/03 10:16 p.m.13 views

CVE-2026-34947

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS0.00211EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/03 9:35 p.m.7 views

Auth0OAuthenticator has an Authentication Bypass via Unverified Email Claims

Summary An authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email is used as the usrnameclaim, this gives users control over their username and the possibility of account takeover. Impact This...

8.8CVSS5.9AI score0.00438EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:27 p.m.2 views

CVE-2026-34947

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/03 9:27 p.m.16 views

CVE-2026-34947

CVE-2026-34947 affects Discourse. Versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0 expose staged user custom fields and username on public invite pages without email verification. The issue has been patched in 2026.1.3, 2026.2...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 9:27 p.m.3 views

CVE-2026-34947 Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 9:27 p.m.3 views

EUVD-2026-18882

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 9:27 p.m.27 views

CVE-2026-34947 Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/04/03 9:27 p.m.3 views

CVE-2026-34947 Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.9AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.17 views

PT-2026-30244

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References3
NVD
NVD
added 2026/04/02 7:21 p.m.7 views

CVE-2026-34736

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 6:29 p.m.3 views

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:29 p.m.2 views

CVE-2026-34736

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References3
Rows per page
Query Builder