5 matches found
CVE-2025-55795
The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with ...
CVE-2025-27143
CVE-2025-27143 – Better Auth open redirect. The flaw affects Better Auth (TypeScript) prior to v1.1.21, where the email verification endpoint (and any endpoint accepting a callback URL) fails to validate scheme-less (protocol-relative) URLs of the form //host/path, which the browser resolves as a fully qualified URL on that host rather than as a path on the application's own origin. This enables a...
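The entry above describes a callback-URL check that accepts protocol-relative values. The following added example (not Better Auth's code; written in Python as a language-neutral illustration) shows a check of the kind described beside a hardened one: the naive version only asks for a leading "/", so "//attacker.example/x" passes; the hardened version requires the shape of a single local path and rejects the backslash and triple-slash variants that browsers also resolve to a foreign host. Function names and sample URLs are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Shape a local callback must have: one leading "/", a second character that is
# neither "/" nor "\", and no whitespace, control characters or backslashes at all
# (browsers strip tabs/newlines and treat "\" like "/" when resolving).
_LOCAL_PATH = re.compile(r"/(?![/\\])[^\x00-\x20\x7f\\]*")


def naive_is_local(url: str) -> bool:
    """Check of the kind the advisory describes: a leading '/' is taken to mean
    'relative to this site'. It also accepts '//attacker.example/x', which the
    browser resolves as https://attacker.example/x (protocol-relative URL)."""
    return url.startswith("/") and "://" not in url


def is_safe_callback(url: str) -> bool:
    """Hardened check: accept only a plain same-origin path."""
    if not _LOCAL_PATH.fullmatch(url):
        return False
    parts = urlsplit(url)
    # Belt and braces: the URL parser must agree there is neither scheme nor host.
    return parts.scheme == "" and parts.netloc == ""


def resolve_callback(url: str, default: str = "/") -> str:
    """Use at the redirect site: fall back to a fixed local path whenever the
    client-supplied value is not a safe local path."""
    return url if is_safe_callback(url) else default


if __name__ == "__main__":
    for candidate in ["/account", "//attacker.example/x", "/\\attacker.example",
                      "///attacker.example", "https://attacker.example/"]:
        print(f"{candidate!r:32} naive={naive_is_local(candidate)!s:5} "
              f"safe={is_safe_callback(candidate)}")
```

The allowlist-by-shape approach is deliberately stricter than "reject anything with a scheme": the dangerous inputs here have no scheme, so the decision has to be made on the first two characters and on the absence of characters the browser normalises away.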
HackerOne: HackerOne support accounts organization takeover
The HackerOne email change process was found to have a vulnerability where the system completed verification on a plain GET of the verification link, whoever fetched it and in whatever browser, with no confirmation step or binding to the session that requested the change. Email-scanning bots that prefetch links therefore completed the verification without any human interaction. This allowed an attacker to verify email addresses belonging to ...
PT-2024-1045
Name of the Vulnerable Software and Affected Versions: GitLab versions 16.1 through 16.7.1
Description: The issue allows an attacker to specify a secondary email during a password reset request, enabling account takeover via password reset without user interaction. This vulnerability affects GitLab...
CVE-2023-2781 User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticateuserbyemail in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resendverificationemail function. This allows unauthenticated...
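Four of the entries on this page (OpenML, HackerOne, GitLab, and the WooCommerce plugin) are failures of the same account-email workflow: an address already on another account can be claimed, a verification link completes on GET, a password-reset link is sent to a client-supplied address instead of the stored one, and tokens are generated from a weak source. The following added example is a constructed toy account service (not the code of any of the listed projects) showing the hardened version of that workflow end to end; the class, method names and sample accounts are assumptions made for the illustration.

```python
import hashlib
import secrets
import time
from typing import Optional, Tuple

TOKEN_TTL_SECONDS = 3600


def _token_key(token: str) -> str:
    # Persist only a hash of the token so a database read does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


class AccountService:
    """Constructed toy store: users keyed by id, pending email changes, reset tokens."""

    def __init__(self, now=time.time):
        self.now = now          # injectable clock so expiry can be exercised
        self.users = {}         # user_id -> {"email": verified primary address, "password": str}
        self.pending = {}       # sha256(token) -> {"user_id", "new_email", "expires"}
        self.resets = {}        # sha256(token) -> user_id

    def add_user(self, user_id: int, email: str, password: str) -> None:
        self.users[user_id] = {"email": email, "password": password}

    def _email_in_use(self, email: str) -> bool:
        return any(u["email"].lower() == email.lower() for u in self.users.values())

    # --- email change -------------------------------------------------------
    def request_email_change(self, session_user_id: int, new_email: str) -> Optional[str]:
        """Return the token to mail to new_email, or None if the request is refused."""
        if session_user_id not in self.users or self._email_in_use(new_email):
            return None          # an address bound to another account cannot be claimed
        token = secrets.token_urlsafe(32)   # CSPRNG, not a timestamp- or PRNG-derived value
        self.pending[_token_key(token)] = {
            "user_id": session_user_id,     # bound to the requester, not only to the token
            "new_email": new_email,
            "expires": self.now() + TOKEN_TTL_SECONDS,
        }
        return token

    def confirm_email_change(self, method: str, token: str,
                             session_user_id: Optional[int]) -> str:
        """GET only renders a confirmation page; state changes on POST alone."""
        if method == "GET":
            return "render-confirm-page"    # link-prefetching scanners verify nothing
        if method != "POST":
            return "rejected"
        key = _token_key(token)
        rec = self.pending.get(key)
        if rec is None or rec["expires"] < self.now():
            return "rejected"
        if session_user_id != rec["user_id"]:
            return "rejected"               # link works only in the session that asked for it
        if self._email_in_use(rec["new_email"]):
            return "rejected"               # re-check: address may have been claimed meanwhile
        del self.pending[key]               # single use
        self.users[rec["user_id"]]["email"] = rec["new_email"]
        return "changed"

    # --- password reset -----------------------------------------------------
    def request_password_reset(self, email_param) -> Optional[Tuple[str, str]]:
        """Return (destination, token). The destination is always the stored primary
        address of the matched account; a list-valued parameter is refused outright
        rather than having the link mailed to every address in it."""
        if not isinstance(email_param, str):
            return None
        for user_id, u in self.users.items():
            if u["email"].lower() == email_param.lower():
                token = secrets.token_urlsafe(32)
                self.resets[_token_key(token)] = user_id
                return (u["email"], token)
        return None                          # same response shape as for an unknown address


if __name__ == "__main__":
    svc = AccountService()
    svc.add_user(1, "alice@example.test", "pw1")
    svc.add_user(2, "bob@example.test", "pw2")
    print("claim bob's address:", svc.request_email_change(1, "bob@example.test"))
    tok = svc.request_email_change(1, "alice.new@example.test")
    print("GET link:", svc.confirm_email_change("GET", tok, None), svc.users[1]["email"])
    print("POST as bob:", svc.confirm_email_change("POST", tok, 2))
    print("POST as alice:", svc.confirm_email_change("POST", tok, 1), svc.users[1]["email"])
    print("reset with list param:", svc.request_password_reset(["bob@example.test", "x@evil.test"]))
```

Each check maps to one entry above: the uniqueness test and user-id binding to the OpenML report, the GET/POST split and session check to the HackerOne report, the single-string lookup with a stored destination to the GitLab advisory, and `secrets.token_urlsafe` to the WooCommerce token weakness. Real deployments would also rate-limit both request paths and keep the "unknown address" response indistinguishable from the success path.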