24 matches found

EUVD
added 2026/04/08 5:24 p.m., 5 views

EUVD-2026-20534

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS 5.9, AI score 5.8, EPSS 0.00294
Exploits 0, References 6

Vulnrichment
added 2026/04/08 5:24 p.m., 2 views

CVE-2026-35407 Saleor has Cross-Account Email Change via Unbound Confirmation Token

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS 5.9, AI score 5.7, EPSS 0.00294
Exploits 0, References 6

CVE
added 2026/04/08 5:24 p.m., 12 views

CVE-2026-35407

Saleor’s CVE-2026-35407 describes a cross-account email-change weakness in the account email-change workflow. The confirmation token could be used for a different authenticated user, allowing the token’s new_email to update the second account’s address even though the token wasn’t issued for that...

CVSS 6.5, AI score 5.8, EPSS 0.00294
Exploits 0, References 6, Affected Software 1

RedhatCVE
added 2026/02/04 3:15 a.m., 6 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improperly validated TLS/SSL certificate allows a remote attacker to intercept the communication and perform a Man-in-the-Middle (MitM) attack, whi...

CVSS 8.9, AI score 5.5, EPSS 0.00206
Exploits 0, References 1

NVD
added 2026/02/03 3:15 a.m., 8 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improperly validated TLS/SSL certificate allows a remote attacker to intercept the communication and perform a Man-in-the-Middle (MitM) attack, whi...

CVSS 8.9, EPSS 0.00206
Exploits 0, References 1

ATTACKERKB
added 2026/02/03 2:19 a.m., 7 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improperly validated TLS/SSL certificate allows a remote attacker to intercept the communication and perform a Man-in-the-Middle (MitM) attack, whi...

CVSS 8.9, AI score 5.5, EPSS 0.00206
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2026/01/14 12:00 a.m., 5 views

PT-2026-2832

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVSS 5.3, AI score 6, EPSS 0.003
Exploits 0, References 3

Snyk
added 2025/11/14 8:56 p.m., 5 views

Unverified Password Change

Overview flowise-ui is a Affected versions of this package are vulnerable to Unverified Password Change via the profile update process. An attacker can gain unauthorized access to user accounts by changing the email address associated with an account without additional verification steps. Note:...

CVSS 7.1, AI score 6.9
Exploits 0, References 3

SUSE CVE
added 2025/11/09 2:28 a.m., 4 views

SUSE CVE-2016-11077

An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account...

CVSS 2.7, AI score 7, EPSS 0.00624
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-1416

Malware in sbrugna...

CVSS 4.3, AI score 4.6, EPSS 0.0062
Exploits 0, References 6

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-44857

Malicious code in bioql PyPI...

CVSS 9.1, AI score 4.1, EPSS 0.00526
Exploits 0, References 2

NVD
added 2025/08/23 7:15 a.m., 5 views

CVE-2025-5060

The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebookajaxlogincallback. This makes it possible for...

CVSS 8.1, EPSS 0.00376
Exploits 0, References 2

OSV
added 2025/06/17 12:15 p.m., 2 views

CVE-2025-3880

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.8, EPSS 0.00235
Exploits 0, References 4

RedhatCVE
added 2025/05/23 12:58 a.m., 10 views

CVE-2022-31185

mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...

CVSS 5.3, AI score 7, EPSS 0.00513
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:06 p.m., 5 views

CVE-2021-37693

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

CVSS 7.5, AI score 6.7, EPSS 0.00833
Exploits 0, References 1

Apple
added 2023/05/18 12:00 a.m., 123 views

About the security content of iOS 16.5 and iPadOS 16.5

This document describes the security content of iOS 16.5 and iPadOS 16.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

CVSS 9.8, AI score 9.3, EPSS 0.1653
Exploits 2, References 1, Affected Software 2

CNNVD
added 2022/09/07 12:00 a.m., 7 views

RubyGems authorization issue vulnerability

RubyGems is a Ruby package manager from the RubyGems organization. The product is primarily used to distribute and manage Ruby packages. RubyGems suffers from a security vulnerability that stems from an error in the password and email change confirmation code that allows an attacker to change the...

CVSS 8.8, AI score 7.8, EPSS 0.00814
Exploits 0, References 3

OSV
added 2022/02/09 12:59 a.m., 24 views

GHSA-RVFC-G8J5-9CCF Generation of Error Message Containing Sensitive Information in Keycloak

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack...

CVSS 2.7, AI score 3.3, EPSS 0.00766
Exploits 0, References 3

Cvelist
added 2021/02/11 3:27 p.m., 25 views

CVE-2020-1717

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack...

AI score 3.5, EPSS 0.00766
Exploits 0, References 2

CVE
added 2021/02/11 3:27 p.m., 128 views

CVE-2020-1717

Keycloak 7.0.1 contains an account email enumeration issue where a logged-in user can determine whether an email is associated with an existing account. The CVE entry notes a low overall CVSS v3.1 base score (2.7) with Confidentiality impact as the primary concern; Privileges Required is High, an...

CVSS 4, AI score 3.6, EPSS 0.00766
Exploits 0, References 2, Affected Software 1