15 matches found
PT-2026-31392
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...
CVE-2020-24982
An issue was discovered in Quadbase ExpressDashboard EDAB 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account...
Nagios Log Server Security Vulnerability
Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R1.3.2 that stems from insufficient validation and authorization checks in the account email change process,...
EUVD-2019-11416
Malware in sbrugna...
EUVD-2018-11269
Malware in sbrugna...
EUVD-2022-38831
Malicious code in bioql PyPI...
EUVD-2024-54068
Malicious code in bioql PyPI...
EUVD-2024-50070
Malicious code in bioql PyPI...
Keycloak Access Control Error Vulnerability
Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an access control error vulnerability that stems from a flaw in the account merge function during identity provider login, which could allow an attacker to gain access to a victim's...
CVE-2022-29270
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address...
CVE-2020-15245
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that th...
PT-2025-20486 · WordPress · Frontend Login/Registration Blocks
Name of the Vulnerable Software and Affected Versions: Frontend Login and Registration Blocks plugin for WordPress versions 1.0.0 through 1.0.7 Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identi...
CVE-2025-2526
CVE-2025-2526 affects the Streamit WordPress theme. The vulnerability allows privilege escalation via account takeover because st_Authentication_Controller::edit_profile does not properly validate the user before updating details (e.g., email), enabling unauthenticated attackers to change user em...
CVE-2024-12259
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wcupdateuserdata AJAX...
Wire Code Issue Vulnerability
Wire-server is a backup server for the open source Wire secure messaging application. Wire-server has a security vulnerability that could be exploited to trigger a user's email address change using only a short-term session token in the "Authorization" header...