Lucene search
K

823 matches found

EUVD
EUVD
added 2026/05/28 4:20 p.m.10 views

EUVD-2026-32943

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:20 p.m.8 views

CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 4:20 p.m.35 views

CVE-2026-9092

Casdoor, versions 2.362.0 and earlier, contains a vulnerability in the binding logic: the getExistUserByBindingRule function matches users by email without validating the email_verified claim from upstream providers, and the idp.UserInfo struct does not include an EmailVerified field. This can al...

9.1CVSS5.8AI score0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:20 p.m.12 views

CVE-2026-9092 CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 4:16 p.m.27 views

CVE-2026-35675

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...

8.8CVSS0.00324EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.22 views

PT-2026-44421

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the email verified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:10 p.m.12 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

Chatwoot 授权问题漏洞

Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. In versions of Chatwoot from 2.14.0 to 4.13.0, there was a vulnerability related ...

6.8CVSS5.8AI score0.00344EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 4:13 p.m.148 views

CVE-2026-9087

CVE-2026-9087 : In Keycloak, the cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity actually verified, allowing a second upstream account on the same IdP to be linked to the victim’s local account. Affected component: Keycloak auth...

8.1CVSS5.8AI score0.00312EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/20 4:12 p.m.11 views

CVE-2026-9087

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account. Mitigation To...

8.1CVSS5.7AI score0.00312EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 3:46 p.m.7 views

GHSA-W9XH-5F39-VQ89 phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration

Summary An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin accounts. By sending a PUT request with just a valid username and associated email address to /api/user/password/update, an attacker...

8.2CVSS5.8AI score0.00324EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/20 3:46 p.m.14 views

phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration

Summary An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin accounts. By sending a PUT request with just a valid username and associated email address to /api/user/password/update, an attacker...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/05/20 2:53 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the cross-session email verification process. An attacker...

8.1CVSS5.4AI score0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 2:40 p.m.13 views

CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...

9.3CVSS5.7AI score0.00809EPSS
Exploits1References4
CVE
CVE
added 2026/05/08 2:40 p.m.37 views

CVE-2026-41574

CVE-2026-41574 affects Nhost’s OAuth linking logic in the Go controller. The defect stems from trusting a provider’s EmailVerified flag when linking an incoming OAuth identity to an existing account. Several providers (Discord, Bitbucket, AzureAD, EntraID) either do not populate or misreport emai...

9.8CVSS5.8AI score0.00809EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/08 2:40 p.m.4 views

CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...

9.3CVSS5.9AI score0.00809EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/08 2:40 p.m.33 views

CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...

9.3CVSS0.00809EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/06 8:54 p.m.45 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the forgot password process. An attacker can determine whether an email address is registered by submitting requests and analyzing the responses. Remediation Upgrade statamic/cms to version 5.73.21, 6.15.0 or...

6.9CVSS5.8AI score0.00206EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 1:24 a.m.5 views

CVE-2026-5722

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.21 views

aap-controller: aap-gateway: Account hijacking and unauthorized access via unverified email linking

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS5.8AI score0.00397EPSS
Exploits0References4
Rows per page
Query Builder