5 matches found

RedhatCVE
added 2025/09/30 12:45 a.m., 8 views

CVE-2025-55795

The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with ...

CVSS 3.5, AI score 6.5, EPSS 0.00281
Exploits: 1, References: 1
CVE
added 2025/02/24 10:16 p.m., 80 views

CVE-2025-27143

CVE-2025-27143 – Better Auth open redirect. The flaw affects Better Auth (TypeScript) prior to v1.1.21, where the email verification endpoint (and any endpoint accepting a callback URL) fails to validate scheme-less URLs, allowing the browser to treat them as fully qualified URLs. This enables a...

CVSS 6.9, AI score 7, EPSS 0.00324
Exploits: 0, References: 5, Affected Software: 1
Hacker One
added 2024/10/23 4:48 a.m., 29 views

HackerOne: Hackerone supports accounts organization takeover

The HackerOne email change process was found to have a vulnerability where the system automatically verifies the email address if the verification link is opened in any browser, even by email scanning bots without human interaction. This allowed an attacker to verify email addresses belonging to ...

AI score 6.9
Exploits: 0
Positive Technologies
added 2024/01/11 12:00 a.m., 5 views

PT-2024-1045

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.1 through 16.7.1. Description: The issue allows an attacker to specify a secondary email during a password reset request, enabling account takeover via password reset without user interaction. This vulnerability affects GitLab...

CVSS 10, AI score 9.4, EPSS 0.94955
Exploits: 16, References: 277
Vulnrichment
added 2023/06/02 11:37 p.m., 22 views

CVE-2023-2781 User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass

The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticateuserbyemail in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resendverificationemail function. This allows unauthenticated...

CVSS 8.1, AI score 7.3, EPSS 0.01172
Exploits: 0, References: 4