Lucene search
K

24 matches found

CVE
CVE
added 2026/06/12 9:57 p.m.26 views

CVE-2026-53868

Capgo before 12.128.2 contains a denial-of-service vulnerability where attackers can register accounts with arbitrary, unverified emails and then delete them, causing pending deletions that lock legitimate users out for up to 30 days. Root cause: unverified email ownership in account lifecycle op...

8.7CVSS5.5AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.10 views

PT-2026-49045

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A denial of service issue exists where attackers can register accounts using arbitrary email addresses without verification. By initiating the deletion process for these accounts, attackers can lock...

8.7CVSS5.4AI score0.00258EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

MISP 授权问题漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has an authorization vulnerability;...

6CVSS5.8AI score0.00182EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 2:16 p.m.29 views

CVE-2026-6266

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS0.00397EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/04 1:40 p.m.6 views

CVE-2026-6266

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS5.7AI score0.00397EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 8:55 p.m.22 views

CVE-2026-32700

Devise (Rails) prior to v5.0.3 has a race condition in the Confirmable module used with reconfirmable, allowing an attacker to confirm a victim’s email by issuing two concurrent email-change requests. This desynchronizes confirmation_token and unconfirmed_email; the attacker controls the token’s ...

6CVSS5.8AI score0.00275EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Devise 竞争条件问题漏洞

Devise is an open-source authentication solution based on Warden, developed by heartcombo. Versions of Devise prior to 5.0.3 had a race condition vulnerability, which stemmed from a race condition in the Confirmable module. This vulnerability could allow attackers to confirm email addresses that...

6CVSS5.8AI score0.00275EPSS
Exploits0References5
Veracode
Veracode
added 2025/12/24 7:40 a.m.7 views

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to failure to validate email ownership during the Slack import process, which allows an attacker to create verified user accounts with arbitrary email domains and bypass email-based team...

5.4CVSS5.8AI score0.00285EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2025/12/13 6:57 a.m.6 views

Improper Input Validation

mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of email ownership verification during profile updates, which allows an attacker to register an unauthorized email address and potentially cause information disclosure by redirecting notifications...

5.4CVSS5.8AI score0.00149EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.4 views

MantisBT 安全漏洞

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operated format. A security vulnerability exists in MantisBT version 2.27.1 and prior versions, which stems from a failure to verify...

5.4CVSS6.2AI score0.00149EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/17 8:40 a.m.12 views

CVE-2025-41410

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS7AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 9:30 a.m.6 views

EUVD-2025-34742

Mattermost has a Missing Authorization vulnerability...

5.4CVSS6.5AI score0.00285EPSS
Exploits0References5
NVD
NVD
added 2025/10/16 9:15 a.m.8 views

CVE-2025-41410

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/16 8:39 a.m.4 views

CVE-2025-41410 Slack import bypasses email verification for team access controls

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS6.5AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2025/10/16 8:39 a.m.7 views

CVE-2025-41410 Slack import bypasses email verification for team access controls

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS6.2AI score0.00285EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.4 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability in Mattermost 10.10.2 and prior versions 10.10.x, 10.5.10 and prior versions 10.5.x, and 10.11.2 and prior versions 10.11.x, which stems from the failure to validate email...

5.4CVSS6.4AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-0934

Malware in sbrugna...

6.5CVSS6.4AI score0.0093EPSS
Exploits0References4
NVD
NVD
added 2025/09/29 3:16 p.m.5 views

CVE-2025-55795

The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with ...

3.5CVSS0.00281EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:14 p.m.4 views

CVE-2021-39909

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval...

5.3CVSS6.1AI score0.00594EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:55 p.m.4 views

CVE-2020-14958

In Gogs 0.11.91, MakeEmailPrimary in models/usermail.go lacks a "not the owner of the email" check...

6.5CVSS6.7AI score0.0093EPSS
Exploits0
Rows per page
Query Builder