Hacking Meta’s AI Chatbot
Hackers are convincing Meta's AI support chatbot to let them take over other people's accounts: A video posted on X showed the step-by-step process to hack someone's Instagram account. The hacker allegedly used a VPN to spoof the targets' presumed location to avoid triggering Instagram's automate...
EUVD-2026-15811
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...
CVE-2026-2995 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...
CVE-2024-6023
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
PT-2024-37326 · WordPress · Content Blocks
Name of the Vulnerable Software and Affected Versions: ContentLock WordPress plugin versions 1.0.0 through 1.0.3 Description: The issue concerns a lack of CSRF check when adding emails, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack. Recommendations...
WordPress ContentLock plugin <= 1.0.3 - Email Adding via CSRF vulnerability
Email Adding via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin ContentLock versions <= 1.0.3...
Mozilla: Bypass Email Verification on Add Email Monitoring
A security vulnerability has been identified in the email verification process of Mozilla Monitor. The issue allowed attackers to bypass the email verification step when adding a new email address for monitoring. The vulnerability was exploited by obtaining the verification token from the server...
Weblate: Adding Email lacks Password validation
Affected URL: https://demo.weblate.org/accounts/email/ Issue: The account section of profile says: "You can add another email address on the Authentication tab." But there is no option of adding another email in Authentication. However, I was able to guess the above endpoint. The problem here is,...