Lucene search
K

133 matches found

Cvelist
Cvelist
added 2026/07/06 10:45 p.m.33 views

CVE-2026-53642 FOSSBilling: Unverified clients can access client-area pages when email confirmation is required

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS0.00226EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 10:45 p.m.4 views

CVE-2026-53642 FOSSBilling: Unverified clients can access client-area pages when email confirmation is required

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS6AI score0.00226EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 10:45 p.m.6 views

CVE-2026-53642

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS6AI score0.00226EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 10:45 p.m.16 views

CVE-2026-53642

FOSSBilling versions 0.5.6–0.7.2 expose a page‑level access control flaw: when Require Email Confirmation is on, a logged‑in client with email_approved = 0 can access any /client/* page and read real account data (wallet balances, transaction history). The API enforces restrictions correctly to p...

5.3CVSS6AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56035

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When the Require Email Confirmation setting is enabled, a logged-in client with an unverified email address, indicated by the variable email approved = 0, can bypass page-side enforcement...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.11 views

CVE-2026-35675

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...

8.8CVSS5.5AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 p.m.13 views

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:46 p.m.6 views

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 12:46 p.m.9 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 12:46 p.m.41 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 12:46 p.m.13 views

EUVD-2026-34255

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 12:46 p.m.34 views

CVE-2026-43926

FOSSBilling prior to 0.8.0 allows probing the password-reset flow because the non-API controller for /client/reset-password-confirm/:hash is not rate-limited like /api/* endpoints. The endpoint may reveal valid vs invalid tokens (200 vs 302), enabling unlimited token guessing until expiry. Token ...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.26 views

PT-2026-46229

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 2:13 p.m.37 views

CVE-2026-35675 phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/update

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...

8.8CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 6:16 p.m.19 views

CVE-2026-44707

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/26 5:10 p.m.40 views

CVE-2026-44707 Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...

6.8CVSS0.00344EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 5:24 p.m.3 views

CVE-2026-35407 Saleor has Cross-Account Email Change via Unbound Confirmation Token

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...

5.9CVSS5.9AI score0.00294EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.5 views

CVE-2026-4021

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS5.8AI score0.00436EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 a.m.5 views

EUVD-2026-14654

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS5.7AI score0.00436EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:25 p.m.3 views

CVE-2026-4021

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS5.7AI score0.00436EPSS
Exploits0References7
Rows per page
Query Builder