Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/12 3:42 p.m.34 views

CVE-2026-53981 Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS0.00267EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 7:25 p.m.3 views

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...

6.5CVSS0.00294EPSS
Exploits0References6
CVE
CVE
added 2025/09/10 12:25 p.m.24 views

CVE-2025-7718

The CVE-2025-7718 entry concerns the Resideo Plugin for Resideo - Real Estate WordPress Theme. Affected versions up to 2.5.4 allow privilege escalation via account takeover because the plugin does not properly validate a user’s identity before updating sensitive details (e.g., email). This enable...

8.8CVSS6.1AI score0.003EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/09/14 3:5 a.m.6 views

Hiro: No Confirmation Email For Email Change

https://forum.blockstack.org/u/username/preferences/email Hello, it looks like there is a security flaw in this part. While changing email address from email1 to email2. A Confirmation email is sent to email2 not to email1 which is the main account. This can lead to account lost if someone has us...

6.8AI score
Exploits0
Rows per page
Query Builder