CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

CVE-2026-44166 Pocketbase: Account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

GHSA-PQ7P-MC74-G65W PocketBase vulnerable to account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade

A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians. In some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When the...

PocketBase vulnerable to account pre-hijacking via OAuth2 unverfied->verified autolinking upgrade

A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians. In some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When the...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the getapivideopasswordiscorrect API endpoint, which allowed any unverified user to validate...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.6.6, 18.7.4...

MetaGPT code issues and vulnerabilities

MetaGPT is a multi-agent framework developed by MetaGPT Inc. There are code issues and vulnerabilities in MetaGPT; these vulnerabilities stem from the deserializemessage function’s lack of verification of the data provided by users, which may lead to the deserialization of untrusted data and remo...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unverified user queue buffer virtual addresses and sizes...

EUVD-2018-0744

Malware in sbrugna...

EUVD-2024-41745

Malicious code in bioql PyPI...

CVE-2024-45647

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password...

CVE-2024-13528

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for...

CVE-2024-13528

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for...

CVE-2024-13528 Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for...

CVE-2020-13272

OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from an unverified user space buffer and memory corruption when taking snapshots using a hardware encoder...

CVE-2024-45647

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without prior knowledge of that password...

PT-2025-2718 · Ibm · Ibm Security Verify Access +1

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access versions 10.0.0 through 10.0.8 IBM Security Verify Access Docker versions 10.0.0 through 10.0.8 Description: The issue allows an unverified user to change the password of an expired user without prior knowledge of...

GitLab 12.3 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13272)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow CVE-2020-13272 Note that Nessus has not tested for this issue but...