58 matches found

Positive Technologies
added 2026/05/10 12:0 a.m. | 16 views

PT-2026-39520

OpenCart 3.0.36 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and accoun...

CVSS 6.9 | AI score 5.7 | EPSS 0.00151
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 12:31 p.m. | 7 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

CVSS 9.1 | AI score 7 | EPSS 0.00526
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:7 a.m. | 8 views

CVE-2019-20879

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry...

CVSS 4.3 | AI score 6.9 | EPSS 0.00581
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:6 a.m. | 7 views

CVE-2019-20875

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed...

CVSS 5.3 | AI score 7 | EPSS 0.00769
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:12 a.m. | 21 views

CVE-2025-1313

The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it...

CVSS 8.8 | AI score 6.9 | EPSS 0.00371
Exploits: 0 | References: 1

OSV
added 2025/10/31 7:15 p.m. | 4 views

CVE-2025-64349

ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration...

CVSS 8.7 | AI score 6.9 | EPSS 0.00342
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-8361

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.0168
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-13407

Malware in sbrugna...

CVSS 7.1 | AI score 6.8 | EPSS 0.00876
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-5403

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.01302
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-40118

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.0034
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-21206

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00371
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-0289

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00367
Exploits: 0 | References: 4

CVE
added 2025/08/16 6:39 a.m. | 32 views

CVE-2025-8898

CVE-2025-8898 concerns the WordPress plugin “Taxi Booking Manager for Woocommerce | E-cab”. The vulnerability allows privilege escalation via account takeover in all versions up to and including 1.3.0 (Wordfence notes 1.3.0; PT Security references 1.3.1+ as the fix). The root cause is insufficien...

CVSS 9.8 | AI score 6 | EPSS 0.00438
Exploits: 0 | References: 3

NVD
added 2025/07/12 6:15 a.m. | 18 views

CVE-2025-1313

The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it...

CVSS 8.8 | EPSS 0.00371
Exploits: 0 | References: 2

Cvelist
added 2025/07/12 5:30 a.m. | 9 views

CVE-2025-1313 Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it...

CVSS 8.8 | EPSS 0.00371
Exploits: 0 | References: 2

CVE
added 2025/07/12 5:30 a.m. | 27 views

CVE-2025-1313

The CVE-2025-1313 entry concerns Nokri – Job Board WordPress Theme. Connected sources confirm a privilege escalation via account takeover vulnerability affecting versions

CVSS 8.8 | AI score 6.9 | EPSS 0.00371
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 9:45 a.m. | 4 views

CVE-2024-25618

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...

CVSS 7.4 | AI score 6.5 | EPSS 0.00477
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:43 a.m. | 10 views

CVE-2023-30544

Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the My profile admin page. This page allowed them to change the email address registered with their account without the ownership verification performed...

CVSS 4.3 | AI score 6.7 | EPSS 0.00419
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:53 p.m. | 6 views

CVE-2021-35214

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the us...

CVSS 4.8 | AI score 7 | EPSS 0.01768
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:45 p.m. | 7 views

CVE-2005-4688

PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session...

CVSS 5 | AI score 7 | EPSS 0.00884
Exploits: 0 | References: 1