823 matches found
EUVD-2026-32943
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...
CVE-2026-9092
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...
CVE-2026-9092
Casdoor, versions 2.362.0 and earlier, contains a vulnerability in the binding logic: the getExistUserByBindingRule function matches users by email without validating the email_verified claim from upstream providers, and the idp.UserInfo struct does not include an EmailVerified field. This can al...
CVE-2026-9092 CVE-2026-9092
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...
CVE-2026-35675
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...
PT-2026-44421
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the email verified claim from upstream providers; the idp.UserInfo struct does not even...
CVE-2026-44707
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
Chatwoot 授权问题漏洞
Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. In versions of Chatwoot from 2.14.0 to 4.13.0, there was a vulnerability related ...
CVE-2026-9087
CVE-2026-9087 : In Keycloak, the cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity actually verified, allowing a second upstream account on the same IdP to be linked to the victim’s local account. Affected component: Keycloak auth...
CVE-2026-9087
A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account. Mitigation To...
GHSA-W9XH-5F39-VQ89 phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
Summary An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin accounts. By sending a PUT request with just a valid username and associated email address to /api/user/password/update, an attacker...
phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
Summary An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin accounts. By sending a PUT request with just a valid username and associated email address to /api/user/password/update, an attacker...
Authorization Bypass Through User-Controlled Key
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the cross-session email verification process. An attacker...
CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...
CVE-2026-41574
CVE-2026-41574 affects Nhost’s OAuth linking logic in the Go controller. The defect stems from trusting a provider’s EmailVerified flag when linking an incoming OAuth identity to an existing account. Several providers (Discord, Bitbucket, AzureAD, EntraID) either do not populate or misreport emai...
CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...
CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the forgot password process. An attacker can determine whether an email address is registered by submitting requests and analyzing the responses. Remediation Upgrade statamic/cms to version 5.73.21, 6.15.0 or...
CVE-2026-5722
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...
aap-controller: aap-gateway: Account hijacking and unauthorized access via unverified email linking
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...