4 matches found
CVE-2026-53981 Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...
CVE-2026-35407
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...
CVE-2025-7718
The CVE-2025-7718 entry concerns the Resideo Plugin for Resideo - Real Estate WordPress Theme. Affected versions up to 2.5.4 allow privilege escalation via account takeover because the plugin does not properly validate a user’s identity before updating sensitive details (e.g., email). This enable...
Hiro: No Confirmation Email For Email Change
https://forum.blockstack.org/u/username/preferences/email Hello, it looks like there is a security flaw in this part. While changing email address from email1 to email2. A Confirmation email is sent to email2 not to email1 which is the main account. This can lead to account lost if someone has us...