Lucene search
K

59 matches found

EUVD
EUVD
added 2026/06/20 12:34 a.m.8 views

EUVD-2026-38092

Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful,...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 9:39 p.m.26 views

CVE-2026-56073

CVE-2026-56073 affects Cap-go before 12.128.2. An authentication bypass in OTP verification lets an attacker bypass email verification by manipulating server responses, intercepting OTP requests and falsely marking verification as successful. This enables unauthorized 2FA enablement and potential...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 7:16 a.m.13 views

CVE-2026-8293

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...

7.5CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 4:16 p.m.25 views

CVE-2026-35675

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...

8.8CVSS0.00324EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/18 1:0 a.m.13 views

Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass

Summary Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts a profile.EmailVerified boolean that is set by each provider adapter. The...

9.8CVSS5.7AI score0.00809EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/18 1:0 a.m.4 views

GHSA-6G38-8J4P-J3PR Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass

Summary Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts a profile.EmailVerified boolean that is set by each provider adapter. The...

9.8CVSS5.7AI score0.00809EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.4 views

CVE-2026-34736

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 7:21 p.m.6 views

CVE-2026-34736

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 6:29 p.m.14 views

CVE-2026-34736

Open edX Platform experiened an account-activation bypass vulnerability (CVE-2026-34736). In affected versions from maple up to just before ulmo, an unauthenticated attacker could bypass email verification by chaining two issues: the OAuth2 password grant issuing tokens to inactive users, and the...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 4:14 p.m.10 views

CVE-2026-32497

CVE-2026-32497 affects the WordPress plugin User Verification . The vulnerability is a weak authentication issue that enables authentication abuse via an email verification bypass in versions up to and including 2.0.45 (range: n/a through 2.0.45). Multiple sources corroborate the flaw and list th...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 4:27 a.m.5 views

CVE-2026-4283

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

9.1CVSS5.8AI score0.00431EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/03/23 2:36 p.m.6 views

WordPress User Verification plugin <= 2.0.45 - Email Verification Bypass vulnerability

Email Verification Bypass vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin User Verification versions = 2.0.45...

5.3CVSS5.8AI score0.00221EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/02/27 9:26 p.m.6 views

GHSA-282G-FHMX-XF54 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API

Summary A vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. Impact Zitadel provides an API for managing users. The API also allows users to self-manage their own data including updati...

8.2CVSS7AI score0.00176EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/26 3:13 a.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the UpdateHumanUser API. An attacker can bypass proper verification of email or phone by directly setting the verification flag without completing the intended verification process. This may allow unauthorized...

8.2CVSS6AI score0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/31 12:2 a.m.12 views

CVE-2025-65925

An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...

6.5CVSS6.8AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2025/12/30 5:15 p.m.7 views

CVE-2025-65925

An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2025/12/30 5:15 p.m.7 views

CVE-2025-65925

An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...

6.5CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/12/30 12:0 a.m.12 views

CVE-2025-65925

CVE-2025-65925 affects Zeroheight SaaS prior to 2025-06-13, where a legacy user-creation API path allowed accounts to be created without completing email verification. Unverified accounts could not access product functionality, but the bypassed verification controls enabled unintended account cre...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6835

Malicious code in bioql PyPI...

8.5CVSS6.8AI score0.00662EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-42679

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00493EPSS
Exploits0References2
Rows per page
Query Builder